From d5db028f57225a03da8c3e19f8c0415629f60e65 Mon Sep 17 00:00:00 2001 From: zengqiao Date: Tue, 9 Mar 2021 15:13:55 +0800 Subject: [PATCH 1/6] optimize ldap --- .../manager/common/entity/ResultStatus.java | 2 +- .../component/ldap/LdapAuthentication.java | 74 ++++++++++--------- .../component/sso/BaseSessionSignOn.java | 37 ++-------- .../src/main/resources/application.yml | 23 +++--- 4 files changed, 56 insertions(+), 80 deletions(-) rename kafka-manager-common/src/main/java/com/xiaojukeji/kafka/manager/common/utils/ldap/LDAPAuthentication.java => kafka-manager-extends/kafka-manager-account/src/main/java/com/xiaojukeji/kafka/manager/account/component/ldap/LdapAuthentication.java (58%) diff --git a/kafka-manager-common/src/main/java/com/xiaojukeji/kafka/manager/common/entity/ResultStatus.java b/kafka-manager-common/src/main/java/com/xiaojukeji/kafka/manager/common/entity/ResultStatus.java index 8f0f229b..454a687f 100644 --- a/kafka-manager-common/src/main/java/com/xiaojukeji/kafka/manager/common/entity/ResultStatus.java +++ b/kafka-manager-common/src/main/java/com/xiaojukeji/kafka/manager/common/entity/ResultStatus.java @@ -106,7 +106,7 @@ public enum ResultStatus { STORAGE_UPLOAD_FILE_FAILED(8050, "upload file failed"), STORAGE_FILE_TYPE_NOT_SUPPORT(8051, "File type not support"), STORAGE_DOWNLOAD_FILE_FAILED(8052, "download file failed"), - LDAP_AUTHENTICATION_FAILED(8053, "LDAP authentication failed"), + LDAP_AUTHENTICATION_FAILED(8053, "ldap authentication failed"), ; 
diff --git a/kafka-manager-common/src/main/java/com/xiaojukeji/kafka/manager/common/utils/ldap/LDAPAuthentication.java b/kafka-manager-extends/kafka-manager-account/src/main/java/com/xiaojukeji/kafka/manager/account/component/ldap/LdapAuthentication.java similarity index 58% rename from kafka-manager-common/src/main/java/com/xiaojukeji/kafka/manager/common/utils/ldap/LDAPAuthentication.java rename to kafka-manager-extends/kafka-manager-account/src/main/java/com/xiaojukeji/kafka/manager/account/component/ldap/LdapAuthentication.java index eff3bc25..f456c916 100644 --- a/kafka-manager-common/src/main/java/com/xiaojukeji/kafka/manager/common/utils/ldap/LDAPAuthentication.java +++ b/kafka-manager-extends/kafka-manager-account/src/main/java/com/xiaojukeji/kafka/manager/account/component/ldap/LdapAuthentication.java @@ -1,6 +1,8 @@ -package com.xiaojukeji.kafka.manager.common.utils.ldap; +package com.xiaojukeji.kafka.manager.account.component.ldap; import com.xiaojukeji.kafka.manager.common.utils.ValidateUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Value; import org.springframework.stereotype.Component; 
@@ -15,33 +17,31 @@ import javax.naming.ldap.LdapContext; import java.util.Hashtable; @Component -public class LDAPAuthentication { +public class LdapAuthentication { + private static final Logger LOGGER = LoggerFactory.getLogger(LdapAuthentication.class); - @Value(value = "${ldap.url}") + @Value(value = "${account.ldap.url:}") private String ldapUrl; - @Value(value = "${ldap.basedn}") + @Value(value = "${account.ldap.basedn:}") private String ldapBasedn; - @Value(value = "${ldap.factory}") + @Value(value = "${account.ldap.factory:}") private String ldapFactory; - @Value(value = "${ldap.filter}") - private String ldapfilter; + @Value(value = "${account.ldap.filter:}") + private String ldapFilter; - @Value(value = "${ldap.auth-user-registration-role}") - private String authUserRegistrationRole; - - @Value(value = "${ldap.security.authentication}") + @Value(value = "${account.ldap.security.authentication:}") private String securityAuthentication; - @Value(value = "${ldap.security.principal}") + @Value(value = "${account.ldap.security.principal:}") private String securityPrincipal; - @Value(value = "${ldap.security.credentials}") + @Value(value = "${account.ldap.security.credentials:}") private String securityCredentials; - private LdapContext getConnect() { + private LdapContext getLdapContext() { Hashtable env = new Hashtable(); env.put(Context.INITIAL_CONTEXT_FACTORY, ldapFactory); env.put(Context.PROVIDER_URL, ldapUrl + ldapBasedn); 
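Review bot: Every `@Value` in this hunk now defaults to an empty string (`${account.ldap.url:}` and the rest), so a missing LDAP section no longer fails at startup but surfaces later inside `getLdapContext` as a generic connect error against an empty provider URL; a guard at the top of the method, `if (ValidateUtils.isBlank(ldapUrl) || ValidateUtils.isBlank(ldapFactory)) { return null; }`, fails fast with a clear log line and matches how `authenticate` already treats a null context. `Hashtable env = new Hashtable();` is a raw type; `Hashtable<String, String> env = new Hashtable<>();` matches what is put into it. `ldapUrl + ldapBasedn` also presumes the configured URL ends with `/` (the yaml default in this series does), which is worth a comment on the `ldapUrl` field. `getLdapContext` continues past the end of the hunk.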
@@ -53,19 +53,19 @@ public class LDAPAuthentication { try { return new InitialLdapContext(env, null); } catch (AuthenticationException e) { - e.printStackTrace(); + LOGGER.warn("class=LdapAuthentication||method=getLdapContext||errMsg={}", e); } catch (Exception e) { - e.printStackTrace(); + LOGGER.error("class=LdapAuthentication||method=getLdapContext||errMsg={}", e); } return null; } - private String getUserDN(String account,LdapContext ctx) { + private String getUserDN(String account, LdapContext ctx) { String userDN = ""; try { SearchControls constraints = new SearchControls(); constraints.setSearchScope(SearchControls.SUBTREE_SCOPE); - String filter = "(&(objectClass=*)("+ldapfilter+"=" + account + "))"; + String filter = "(&(objectClass=*)("+ldapFilter+"=" + account + "))"; NamingEnumeration en = ctx.search("", filter, constraints); if (en == null || !en.hasMoreElements()) { @@ -82,9 +82,8 @@ public class LDAPAuthentication { } } } catch (Exception e) { - e.printStackTrace(); + LOGGER.error("class=LdapAuthentication||method=getUserDN||account={}||errMsg={}", account, e); } - return userDN; } 
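Review bot: `String filter = "(&(objectClass=*)("+ldapFilter+"=" + account + "))"` in `getUserDN` still splices the login-form username straight into the LDAP search filter, so filter metacharacters in `account` change the query (LDAP injection); this hunk only renamed the field. JNDI escapes filter arguments when they are passed separately: `String filter = "(&(objectClass=*)(" + ldapFilter + "={0}))";` followed by `NamingEnumeration en = ctx.search("", filter, new Object[]{account}, constraints);`. Separately, the new log calls hand the exception to `errMsg={}` with exactly one `{}` per argument; SLF4J binds a trailing Throwable as the logged exception only when arguments outnumber placeholders, so depending on the SLF4J version `e` is either rendered via `toString()` without its stack trace or detached with `{}` left literal — `LOGGER.error("class=LdapAuthentication||method=getLdapContext||errMsg={}", e.getMessage(), e);` gives both. The same form recurs in the `getUserDN` catch in the following hunk and in every catch of `authenticate` in the next one. `getUserDN` continues past the end of this hunk.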
@@ -94,35 +93,38 @@ public class LDAPAuthentication { * @param password * @return */ - public boolean authenricate(String account, String password) { - LdapContext ctx = getConnect(); - - boolean valide = false; + public boolean authenticate(String account, String password) { + LdapContext ctx = getLdapContext(); + if (ValidateUtils.isNull(ctx)) { + return false; + } try { - String userDN = getUserDN(account,ctx); + String userDN = getUserDN(account, ctx); if(ValidateUtils.isBlank(userDN)){ - return valide; + return false; } + ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, userDN); ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, password); ctx.reconnect(null); - valide = true; - } catch (AuthenticationException e) { - System.out.println(e.toString()); + + return true; + } catch (AuthenticationException e) { + LOGGER.warn("class=LdapAuthentication||method=authenticate||account={}||errMsg={}", account, e); } catch (NamingException e) { - e.printStackTrace(); - }finally { - if(ctx!=null) { + LOGGER.warn("class=LdapAuthentication||method=authenticate||account={}||errMsg={}", account, e); + } catch (Exception e) { + LOGGER.error("class=LdapAuthentication||method=authenticate||account={}||errMsg={}", account, e); + } finally { + if(ctx != null) { try { ctx.close(); } catch (NamingException e) { - e.printStackTrace(); + LOGGER.error("class=LdapAuthentication||method=authenticate||account={}||errMsg={}", account, e); } } } - - return valide; + return false; } - } diff --git a/kafka-manager-extends/kafka-manager-account/src/main/java/com/xiaojukeji/kafka/manager/account/component/sso/BaseSessionSignOn.java b/kafka-manager-extends/kafka-manager-account/src/main/java/com/xiaojukeji/kafka/manager/account/component/sso/BaseSessionSignOn.java index c67cca08..f3206255 100644 --- a/kafka-manager-extends/kafka-manager-account/src/main/java/com/xiaojukeji/kafka/manager/account/component/sso/BaseSessionSignOn.java 
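Review bot: `authenticate` binds with whatever `password` it is handed, and `ctx.reconnect(null)` with an empty password is an unauthenticated simple bind that many directories accept (RFC 4513 §5.1.2), so a valid username plus an empty password can make this method return `true`; the only caller-side guard visible in this series, `ValidateUtils.isNull(dto.getPassword())` in `BaseSessionSignOn`, does not reject an empty string. Add `if (ValidateUtils.isBlank(account) || ValidateUtils.isBlank(password)) { return false; }` before `getLdapContext()` so the check lives next to the bind. The `NamingException` catch now logs at `warn`, the same level as a genuine authentication failure, which makes directory outages indistinguishable from bad credentials in the logs; `error` for the non-authentication case keeps them apart. The method's Javadoc header sits just outside the hunk and should state that a null context or blank credentials yield `false`.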
+++ b/kafka-manager-extends/kafka-manager-account/src/main/java/com/xiaojukeji/kafka/manager/account/component/sso/BaseSessionSignOn.java @@ -2,7 +2,6 @@ package com.xiaojukeji.kafka.manager.account.component.sso; import com.xiaojukeji.kafka.manager.account.AccountService; import com.xiaojukeji.kafka.manager.account.component.AbstractSingleSignOn; -import com.xiaojukeji.kafka.manager.common.bizenum.AccountRoleEnum; import com.xiaojukeji.kafka.manager.common.constant.LoginConstant; import com.xiaojukeji.kafka.manager.common.entity.Result; import com.xiaojukeji.kafka.manager.common.entity.ResultStatus; @@ -10,7 +9,7 @@ import com.xiaojukeji.kafka.manager.common.entity.dto.normal.LoginDTO; import com.xiaojukeji.kafka.manager.common.entity.pojo.AccountDO; import com.xiaojukeji.kafka.manager.common.utils.EncryptUtil; import com.xiaojukeji.kafka.manager.common.utils.ValidateUtils; -import com.xiaojukeji.kafka.manager.common.utils.ldap.LDAPAuthentication; +import com.xiaojukeji.kafka.manager.account.component.ldap.LdapAuthentication; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Value; import org.springframework.stereotype.Service; @@ -28,19 +27,11 @@ public class BaseSessionSignOn extends AbstractSingleSignOn { private AccountService accountService; @Autowired - private LDAPAuthentication ldapAuthentication; + private LdapAuthentication ldapAuthentication; //是否开启ldap验证 - @Value(value = "${ldap.enabled}") - private boolean ldapEnabled; - - //ldap自动注册的默认角色。请注意:它通常来说都是低权限角色 - @Value(value = "${ldap.auth-user-registration-role}") - private String authUserRegistrationRole; - - //ldap自动注册是否开启 - @Value(value = "${ldap.auth-user-registration}") - private boolean authUserRegistration; + @Value(value = "${account.ldap.enabled:}") + private Boolean accountLdapEnabled; @Override public Result loginAndGetLdap(HttpServletRequest request, HttpServletResponse response, LoginDTO dto) { 
@@ -50,27 +41,15 @@ public class BaseSessionSignOn extends AbstractSingleSignOn { Result accountResult = accountService.getAccountDO(dto.getUsername()); - //modifier limin - //判断是否激活了LDAP验证。若激活并且数据库无此用户则自动注册 - if(ldapEnabled){ + //判断是否激活了LDAP验证, 若激活则也可使用ldap进行认证 + if(!ValidateUtils.isNull(accountLdapEnabled) && accountLdapEnabled){ //去LDAP验证账密 - if(!ldapAuthentication.authenricate(dto.getUsername(),dto.getPassword())){ + if(!ldapAuthentication.authenticate(dto.getUsername(),dto.getPassword())){ return Result.buildFrom(ResultStatus.LDAP_AUTHENTICATION_FAILED); } - - if((ValidateUtils.isNull(accountResult) || ValidateUtils.isNull(accountResult.getData())) && authUserRegistration){ - //自动注册 - AccountDO accountDO = new AccountDO(); - accountDO.setUsername(dto.getUsername()); - accountDO.setRole(AccountRoleEnum.getUserRoleEnum(authUserRegistrationRole).getRole()); - accountDO.setPassword(EncryptUtil.md5(dto.getPassword())); - accountService.createAccount(accountDO); - } - return Result.buildSuc(dto.getUsername()); - } - + if (ValidateUtils.isNull(accountResult) || accountResult.failed()) { return new Result<>(accountResult.getCode(), accountResult.getMessage()); } diff --git a/kafka-manager-web/src/main/resources/application.yml b/kafka-manager-web/src/main/resources/application.yml index 89fca91c..9529dda1 100644 --- a/kafka-manager-web/src/main/resources/application.yml +++ b/kafka-manager-web/src/main/resources/application.yml @@ -11,7 +11,6 @@ spring: name: kafkamanager datasource: kafka-manager: - jdbc-url: jdbc:mysql://127.0.0.1:3306/logi_kafka_manager?characterEncoding=UTF-8&useSSL=false&serverTimezone=GMT%2B8 username: admin password: admin @@ -50,6 +49,15 @@ task: account: ldap: + enabled: false + url: ldap://127.0.0.1:389/ + basedn: dc=tsign,dc=cn + factory: com.sun.jndi.ldap.LdapCtxFactory + filter: sAMAccountName + security: + authentication: simple + principal: cn=admin,dc=tsign,dc=cn + credentials: admin kcm: enabled: false 
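Review bot: `!ValidateUtils.isNull(accountLdapEnabled) && accountLdapEnabled` is a null-safe unboxing guard written as a double negative; `Boolean.TRUE.equals(accountLdapEnabled)` expresses the same check in one idiom and is the usual form for a boxed flag injected with an empty default. The enclosing `loginAndGetLdap` method starts and ends outside this hunk, so the flow after the LDAP branch cannot be confirmed from here; the next patch's context shows it ending in `return Result.buildSuc(dto.getUsername());`, which the rewritten comment `//判断是否激活了LDAP验证, 若激活则也可使用ldap进行认证` describes correctly for that revision.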
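Review bot: Removing `jdbc-url` from `spring.datasource.kafka-manager` leaves `username`/`password` with no connection string and is unrelated to the LDAP change the commit message describes. If the intent is to stop committing a local URL, the property still has to come from somewhere (an environment-backed placeholder, for instance) and that should be stated in the commit; otherwise this reads as an accidental deletion that should be restored. I cannot see from this hunk whether another profile supplies the value.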
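Review bot: `credentials: admin` under `account.ldap.security` ships the directory bind password in a committed config file, next to an admin DN as `principal`. Because `LdapAuthentication` reads it through `@Value("${account.ldap.security.credentials:}")`, the value can be an environment-backed placeholder instead, e.g. `credentials: ${LDAP_BIND_PASSWORD:}` (variable name illustrative), so the real secret never lands in the repository. A short comment above the block saying that the rest of the section is unused while `enabled: false`, and that the bind account only needs search rights under `basedn`, would steer operators toward a least-privilege account rather than the admin DN the example suggests.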
@@ -83,16 +91,3 @@ notify: topic-name: didi-kafka-notify order: detail-url: http://127.0.0.1 - -ldap: - enabled: false - url: ldap://127.0.0.1:389/ - basedn: dc=tsign,dc=cn - factory: com.sun.jndi.ldap.LdapCtxFactory - filter: sAMAccountName - security: - authentication: simple - principal: cn=admin,dc=tsign,dc=cn - credentials: admin - auth-user-registration-role: normal - auth-user-registration: true From 06d51dd0b8b74f2a4cbe2f3a29c18060ab5dea6c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=AD=99=E8=B6=85?= Date: Tue, 9 Mar 2021 18:07:42 +0800 Subject: [PATCH 2/6] =?UTF-8?q?clipbord=E7=89=88=E6=9C=AC=E9=94=81?= =?UTF-8?q?=E5=AE=9A=E5=9C=A82.0.6=EF=BC=8C=E5=8D=87=E7=BA=A72.0.7?= =?UTF-8?q?=E4=BC=9A=E5=BC=95=E8=B5=B7ts=E6=89=93=E5=8C=85=E6=8A=A5?= =?UTF-8?q?=E9=94=99?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- kafka-manager-console/package.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/kafka-manager-console/package.json b/kafka-manager-console/package.json index f06c4120..920fa613 100644 --- a/kafka-manager-console/package.json +++ b/kafka-manager-console/package.json @@ -1,6 +1,6 @@ { - "name": "mobx-ts-example", - "version": "1.0.0", + "name": "logi-kafka", + "version": "2.3.1", "description": "", "scripts": { "start": "webpack-dev-server", @@ -21,7 +21,7 @@ "@types/spark-md5": "^3.0.2", "antd": "^3.26.15", "clean-webpack-plugin": "^3.0.0", - "clipboard": "^2.0.6", + "clipboard": "2.0.6", "cross-env": "^7.0.2", "css-loader": "^2.1.0", "echarts": "^4.5.0", @@ -56,4 +56,4 @@ "dependencies": { "format-to-json": "^1.0.4" } -} +} \ No newline at end of file From 67c37a098414c44008936924de59fe1b9355c072 Mon Sep 17 00:00:00 2001 From: zengqiao Date: Wed, 10 Mar 2021 13:52:09 +0800 Subject: [PATCH 3/6] optimize ldap --- .../component/sso/BaseSessionSignOn.java | 19 +++++++++++++++++++ .../src/main/resources/application.yml | 2 ++ 2 files changed, 21 insertions(+) 
diff --git a/kafka-manager-extends/kafka-manager-account/src/main/java/com/xiaojukeji/kafka/manager/account/component/sso/BaseSessionSignOn.java b/kafka-manager-extends/kafka-manager-account/src/main/java/com/xiaojukeji/kafka/manager/account/component/sso/BaseSessionSignOn.java index f3206255..1ff36964 100644 --- a/kafka-manager-extends/kafka-manager-account/src/main/java/com/xiaojukeji/kafka/manager/account/component/sso/BaseSessionSignOn.java +++ b/kafka-manager-extends/kafka-manager-account/src/main/java/com/xiaojukeji/kafka/manager/account/component/sso/BaseSessionSignOn.java @@ -2,6 +2,7 @@ package com.xiaojukeji.kafka.manager.account.component.sso; import com.xiaojukeji.kafka.manager.account.AccountService; import com.xiaojukeji.kafka.manager.account.component.AbstractSingleSignOn; +import com.xiaojukeji.kafka.manager.common.bizenum.AccountRoleEnum; import com.xiaojukeji.kafka.manager.common.constant.LoginConstant; import com.xiaojukeji.kafka.manager.common.entity.Result; import com.xiaojukeji.kafka.manager.common.entity.ResultStatus; @@ -33,6 +34,14 @@ public class BaseSessionSignOn extends AbstractSingleSignOn { @Value(value = "${account.ldap.enabled:}") private Boolean accountLdapEnabled; + //ldap自动注册的默认角色。请注意:它通常来说都是低权限角色 + @Value(value = "${account.ldap.auth-user-registration-role:}") + private String authUserRegistrationRole; + + //ldap自动注册是否开启 + @Value(value = "${account.ldap.auth-user-registration:}") + private boolean authUserRegistration; + @Override public Result loginAndGetLdap(HttpServletRequest request, HttpServletResponse response, LoginDTO dto) { if (ValidateUtils.isBlank(dto.getUsername()) || ValidateUtils.isNull(dto.getPassword())) { 
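Review bot: `@Value(value = "${account.ldap.auth-user-registration:}") private boolean authUserRegistration;` pairs an empty-string default with a primitive `boolean`; if my reading of Spring's boolean conversion is right, the empty string converts to null, which cannot be assigned to a primitive and fails context startup as soon as the property is absent (the sibling `accountLdapEnabled` field above uses boxed `Boolean`, which tolerates this). Either give it a real default, `@Value(value = "${account.ldap.auth-user-registration:false}")`, or make it `Boolean` and test it with `Boolean.TRUE.equals(...)` at the use site. `authUserRegistrationRole` carries the same empty default, and its consumer `AccountRoleEnum.getUserRoleEnum(...)` in the next hunk is dereferenced without a null check, so the field comment should say it must be set whenever auto-registration is enabled. The hunk's trailing context is the start of `loginAndGetLdap`, whose body continues outside it.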
@@ -47,6 +56,16 @@ public class BaseSessionSignOn extends AbstractSingleSignOn { if(!ldapAuthentication.authenticate(dto.getUsername(),dto.getPassword())){ return Result.buildFrom(ResultStatus.LDAP_AUTHENTICATION_FAILED); } + + if((ValidateUtils.isNull(accountResult) || ValidateUtils.isNull(accountResult.getData())) && authUserRegistration){ + //自动注册 + AccountDO accountDO = new AccountDO(); + accountDO.setUsername(dto.getUsername()); + accountDO.setRole(AccountRoleEnum.getUserRoleEnum(authUserRegistrationRole).getRole()); + accountDO.setPassword(dto.getPassword()); + accountService.createAccount(accountDO); + } + return Result.buildSuc(dto.getUsername()); } diff --git a/kafka-manager-web/src/main/resources/application.yml b/kafka-manager-web/src/main/resources/application.yml index 9529dda1..1c6614e2 100644 --- a/kafka-manager-web/src/main/resources/application.yml +++ b/kafka-manager-web/src/main/resources/application.yml @@ -58,6 +58,8 @@ account: authentication: simple principal: cn=admin,dc=tsign,dc=cn credentials: admin + auth-user-registration: true + auth-user-registration-role: normal kcm: enabled: false From 2ecc877ba8073d6d5f8429732acae3c769b72499 Mon Sep 17 00:00:00 2001 From: EricZeng Date: Wed, 10 Mar 2021 15:45:48 +0800 Subject: [PATCH 4/6] fix add_cluster.md path fix add_cluster.md path --- docs/user_guide/faq.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/user_guide/faq.md b/docs/user_guide/faq.md index f62ba59f..bb2dbf11 100644 --- a/docs/user_guide/faq.md +++ b/docs/user_guide/faq.md @@ -44,7 +44,7 @@ 逻辑集群的创建参看: -- [kafka-manager 接入集群](docs/user_guide/add_cluster/add_cluster.md) 手册,这里的Region和逻辑集群都必须添加。 +- [kafka-manager 接入集群](add_cluster/add_cluster.md) 手册,这里的Region和逻辑集群都必须添加。 --- From 2e26f8caa637d0cd40b13c66512f2e291ff941da Mon Sep 17 00:00:00 2001 
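Review bot: `accountDO.setPassword(dto.getPassword())` stores the user's LDAP password verbatim in the local account table; the version of this block removed in the first patch wrapped it in `EncryptUtil.md5(...)`, and that import is still present in this file, so dropping the wrapper looks accidental rather than intended. For LDAP-registered users the directory remains the authority, so the stored value should be an unusable placeholder rather than the real password, or at least pass through the project's hashing as before — unless `accountService.createAccount` hashes internally, which is not visible from this hunk. `AccountRoleEnum.getUserRoleEnum(authUserRegistrationRole).getRole()` also dereferences the lookup result with no null check for an unknown or empty role name. The yaml hunk in this same commit sets `auth-user-registration: true`, so once `account.ldap.enabled` is switched on every directory user who logs in gets a local row automatically; a comment on that property saying so would help operators decide.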
From: zengqiao Date: Wed, 10 Mar 2021 19:23:29 +0800 Subject: [PATCH 5/6] add qa --- docs/user_guide/faq.md | 24 ++++++++++++++++++++++-- 1 file changed, 22 insertions(+), 2 deletions(-) diff --git a/docs/user_guide/faq.md b/docs/user_guide/faq.md index bb2dbf11..ea1b66da 100644 --- a/docs/user_guide/faq.md +++ b/docs/user_guide/faq.md @@ -7,7 +7,7 @@ --- -# FAQ +# FAQ - 0、Github图裂问题解决 - 1、Topic申请、新建监控告警等操作时没有可选择的集群? @@ -19,6 +19,9 @@ - 7、`Jmx`连接失败如何解决? - 8、`topic biz data not exist`错误及处理方式 - 9、进程启动后,如何查看API文档 +- 10、如何创建告警组? +- 11、连接信息、耗时信息为什么没有数据? +- 12、逻辑集群申请审批通过之后为什么看不到逻辑集群? --- @@ -113,4 +116,21 @@ ### 9、进程启动后,如何查看API文档 -- 滴滴Logi-KafkaManager采用Swagger-API工具记录API文档。Swagger-API地址: [http://IP:PORT/swagger-ui.html#/](http://IP:PORT/swagger-ui.html#/) +- 滴滴Logi-KafkaManager采用Swagger-API工具记录API文档。Swagger-API地址: [http://IP:PORT/swagger-ui.html#/](http://IP:PORT/swagger-ui.html#/) + + +### 10、如何创建告警组? + +这块需要配合监控系统进行使用,现在默认已经实现了夜莺的对接,当然也可以对接自己内部的监控系统,不过需要实现一些接口。 + +具体的文档可见:[监控功能对接夜莺](../dev_guide/monitor_system_integrate_with_n9e.md)、[监控功能对接其他系统](../dev_guide/monitor_system_integrate_with_self.md) + +### 11、连接信息、耗时信息为什么没有数据? + +这块需要结合滴滴内部的kafka-gateway一同使用才会有数据,滴滴kafka-gateway暂未开源。 + +### 12、逻辑集群申请审批通过之后为什么看不到逻辑集群? + +逻辑集群的申请与审批仅仅只是一个工单流程,并不会去实际创建逻辑集群,逻辑集群的创建还需要手动去创建。 + +具体的操作可见:[kafka-manager 接入集群](add_cluster/add_cluster.md)。 From 03352142b66fb5b8ff819f170c7baf0c24d5f826 Mon Sep 17 00:00:00 2001 From: "mike.zhangliang" Date: Tue, 16 Mar 2021 14:46:38 +0800 Subject: [PATCH 6/6] Update README.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 微信加群方式补充 --- README.md | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index aaa7e1d8..77729c25 100644 --- a/README.md +++ b/README.md 
@@ -67,11 +67,16 @@ - [滴滴Logi-KafkaManager 系列视频教程](https://mp.weixin.qq.com/s/9X7gH0tptHPtfjPPSdGO8g) - [kafka实践(十五):滴滴开源Kafka管控平台 Logi-KafkaManager研究--A叶子叶来](https://blog.csdn.net/yezonggang/article/details/113106244) -## 3 滴滴Logi开源用户钉钉交流群 +## 3 滴滴Logi开源用户交流群 + + +![image](https://user-images.githubusercontent.com/5287750/111266722-e531d800-8665-11eb-9242-3484da5a3099.png) +微信加群:关注公众号 Obsuite(官方公众号) 回复 "Logi加群" ![dingding_group](./docs/assets/images/common/dingding_group.jpg) - 钉钉群ID:32821440 - +钉钉群ID:32821440 + + ## 4 OCE认证 OCE是一个认证机制和交流平台,为滴滴Logi-KafkaManager生产用户量身打造,我们会为OCE企业提供更好的技术支持,比如专属的技术沙龙、企业一对一的交流机会、专属的答疑群等,如果贵司Logi-KafkaManager上了生产,[快来加入吧](http://obsuite.didiyun.com/open/openAuth)