Authored by qinchao

支持ldap统一认证

... ... @@ -139,6 +139,25 @@ public class UserAuthLocal {
return usermap.get(name);
}
/**
* 获取用户
*
* @param name
* @return
*/
public User getUserByLdapName(String name) {
if (usermap.isEmpty()) {//改用延时加载
init();
}
for(String key:usermap.keySet()){
User u=usermap.get(key);
if(name.equals(u.getLadpName())){
return u;
}
}
return null;
}
public AuthModule getAuthModuleByname(String name) {
if (modulemap.isEmpty()) {//改用延时加载
init();
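Review bot: `getUserByLdapName` matches the supplied name against `u.getLadpName()` with case-sensitive `equals`, while the directory lookup added in the same commit is keyed on `sAMAccountName`, which Active Directory compares case-insensitively; a user whose credential LDAP just accepted as `Alice` can then miss the local mapping stored as `alice` and be told the account does not exist. If the mapping is meant to follow the directory's semantics, use `name.equalsIgnoreCase(u.getLadpName())` or normalise the stored value once at load time. The loop can iterate `usermap.values()` directly instead of `keySet()` plus `get`, and the Javadoc's `@param name` and `@return` are empty — state that `null` is returned when no user carries that LDAP name. The accessor is spelled `getLadpName`; the typo will spread into callers if it is not fixed now.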
... ...
... ... @@ -102,6 +102,7 @@ public class HttpUriContants {
public static final String USER_UPDATE = "/user/update";
public static final String USER_DELETE_NAME = "/user/deleteByName";
public static final String USER_OPERATE = "/user/operate";
public static final String USER_LDAP_FLAG = "/user/getLdapFlag";
public static final String APP_ADD_SEESION = "/user/appAddSession";
public static final String APP_GET_SEESION = "/user/appGetSession";
... ...
... ... @@ -47,4 +47,6 @@ public class User {
private String modules;
private String loginTargetUrl;
private String ladpName;
}
... ...
... ... @@ -32,5 +32,11 @@
<version>1.0-rc2</version>
</dependency>
<dependency>
<groupId>org.springframework.ldap</groupId>
<artifactId>spring-ldap-core</artifactId>
<version>2.0.2.RELEASE</version>
</dependency>
</dependencies>
</project>
\ No newline at end of file
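Review bot: `spring-ldap-core` is pinned at `2.0.2.RELEASE`, an early 2.x release from 2014, with no note on why that version was chosen. Pick a maintained release of the 2.x line that matches the project's Spring Framework version, or record the constraint that forces this one, since dependency versions that are never revisited are how stale transitive libraries end up in a deployment.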
... ...
... ... @@ -5,6 +5,7 @@ import com.ui.User.MD5Util;
import com.ui.User.UserAuthLocal;
import com.ui.contants.HttpUriContants;
import com.ui.http.HttpRestClient;
import com.ui.ldaputil.LdapAuthUtil;
import com.ui.model.BaseResponse;
import com.ui.model.req.AuthModule;
import com.ui.model.req.User;
... ... @@ -39,6 +40,9 @@ public class UserCtrl {
@Autowired
UserAuthLocal userAuthLocal;
@Autowired
private LdapAuthUtil ldapAuthenticate;
@RequestMapping("/toLogin")
public ModelAndView toLogin(String loginTargetUrl, Model model) {
if(StringUtils.isNotBlank(loginTargetUrl)){
... ... @@ -63,27 +67,60 @@ public class UserCtrl {
}
User u = userAuthLocal.getUserByname(user.getName());
if (u == null) {
model.addAttribute("message", "用户名不存在");
return new ModelAndView("user/login");
boolean ldapFlag=false;
BaseResponse ldapFlagResp=httpRestClient.defaultGet(HttpUriContants.USER_LDAP_FLAG,BaseResponse.class);
if(ldapFlagResp!=null&&ldapFlagResp.getCode()==200&&ldapFlagResp.getData()!=null&&"1".equals(String.valueOf(ldapFlagResp.getData()))){
ldapFlag=true;
}
if (u.getPwd().equals(MD5Util.encryption(user.getPwd()))) {
session.setAttribute("user", u);
if(StringUtils.isBlank(user.getLoginTargetUrl())){
return new ModelAndView("dashBoard/dashBoard");
}else{
try {
//直接跳转到初始的请求页面
response.sendRedirect(user.getLoginTargetUrl());
} catch (IOException e) {
return new ModelAndView("dashBoard/dashBoard");
}
return null;
User u =null;
if(ldapFlag){
//走ldap统一认证接口
//认证
//认证不通过,提示
if(!ldapAuthenticate.login(user.getName(),user.getPwd())){
model.addAttribute("message", "请使用你的OA账户登陆,登录名或者密码错误");
return new ModelAndView("user/login");
}
} else {
model.addAttribute("message", "密码错误");
return new ModelAndView("user/login");
//认证通过
u = userAuthLocal.getUserByLdapName(user.getName());
if (u == null) {
//创建默认的用户
model.addAttribute("message", "用户名不存在,如有需要请联系管理员添加用户");
return new ModelAndView("user/login");
}
}else{
u = userAuthLocal.getUserByname(user.getName());
if (u == null) {
model.addAttribute("message", "用户名不存在,如有需要请联系管理员添加用户");
return new ModelAndView("user/login");
}
if (!u.getPwd().equals(MD5Util.encryption(user.getPwd()))) {
model.addAttribute("message", "密码错误");
return new ModelAndView("user/login");
}
}
//用户放到session
session.setAttribute("user", u);
if(StringUtils.isBlank(user.getLoginTargetUrl())){
return new ModelAndView("dashBoard/dashBoard");
}else{
try {
//直接跳转到初始的请求页面
response.sendRedirect(user.getLoginTargetUrl());
} catch (IOException e) {
return new ModelAndView("dashBoard/dashBoard");
}
return null;
}
}
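Review bot: The authentication mode is decided per request from `httpRestClient.defaultGet(HttpUriContants.USER_LDAP_FLAG, ...)`, and any failure of that call — null response, non-200 code, missing data — silently leaves `ldapFlag` false, so an outage of the flag service downgrades a deployment that runs on LDAP to the local MD5 password check without any trace. At minimum log a warning with the response code when the lookup does not yield `"1"` (the controller's logger is not visible in this hunk), and consider treating a failed lookup as an error instead of as "local mode". The comment `//创建默认的用户` above the `u == null` check in the LDAP branch describes creating a default user while the code only reports an error; drop or reword it so the next reader does not expect provisioning. The enclosing `login` method starts before this hunk.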
... ...
package com.ui.ldaputil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.ldap.core.AttributesMapper;
import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.filter.AndFilter;
import org.springframework.ldap.filter.EqualsFilter;
import org.springframework.stereotype.Component;
import javax.naming.directory.SearchControls;
import java.util.List;
/**
* Created by jimi on 2017/12/26.
*/
@Component
public class LdapAuthUtil {
private static final Logger logger= LoggerFactory.getLogger(LdapAuthUtil.class);
@Autowired
LdapTemplate ldapTemplate;
public boolean login(String userName, String passWord){
AndFilter filter = new AndFilter();
filter.and(new EqualsFilter("objectclass", "person"))
.and(new EqualsFilter("sAMAccountName", userName));
String[] urls = ((YhLdapContextSource) ldapTemplate.getContextSource()).getUrls();
logger.info("ldap urls :{}",urls);
return ldapTemplate.authenticate("", filter.toString(), passWord);
}
public LdapUser getUser(String userName){
AndFilter filter = new AndFilter();
filter.and(new EqualsFilter("objectclass", "person"))
.and(new EqualsFilter("sAMAccountName", userName));
LdapUser user = null;
int SearchScope = SearchControls.SUBTREE_SCOPE;
AttributesMapper<LdapUser> attr = new LdapMapUser();
List<LdapUser> users=ldapTemplate.search("",filter.toString(), SearchScope, attr);
if (users.size() !=0){
user=users.get(0);
}
return user;
}
}
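Review bot: `login` hands `userName` and `passWord` to `ldapTemplate.authenticate` without checking for empty values; many directories, Active Directory included, treat a bind with a DN and an empty password as an unauthenticated bind that succeeds, and whether this version of Spring LDAP rejects an empty password before binding is not something this code should rely on. Reject blank input up front: `if (userName == null || userName.isEmpty() || passWord == null || passWord.isEmpty()) { return false; }`. The `logger.info("ldap urls :{}", urls)` call with a `String[]` argument is resolved as the varargs array, so only `urls[0]` fills the placeholder; pass `(Object) urls` or `Arrays.toString(urls)` if all URLs are wanted. `getUser` silently returns the first entry when the search yields several — with `sAMAccountName` that should not happen, but a comment or a size check makes the assumption visible, and the local `SearchScope` should be lower-case.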
... ...
package com.ui.ldaputil;
import org.springframework.ldap.core.AttributesMapper;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
/**
* Created by jimi on 2017/12/26.
*/
public class LdapMapUser implements AttributesMapper<LdapUser> {
@Override
public LdapUser mapFromAttributes(Attributes attributes) throws NamingException {
Attribute attr;
LdapUser user = new LdapUser();
attr = attributes.get("name");
user.setName((String) attr.get());
attr = attributes.get("sAMAccountName");
user.setsAMAccountName((String) attr.get());
//
// attr = attributes.get("department");
// user.setDepartment((String) attr.get());
attr = attributes.get("mail");
user.setMail((String) attr.get());
return user;
}
}
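Review bot: `mapFromAttributes` dereferences `attributes.get("name")`, `attributes.get("sAMAccountName")` and `attributes.get("mail")` without a null check, so any entry that lacks one of them (service accounts and contacts commonly have no `mail`) makes the whole `ldapTemplate.search` in `LdapAuthUtil.getUser` fail with a `NullPointerException` rather than yielding a user with a missing field. Route the reads through a small helper that returns `null` for an absent attribute, and delete the commented-out `department` block (the field stays on `LdapUser`, so nothing is lost).
```java
@Override
public LdapUser mapFromAttributes(Attributes attributes) throws NamingException {
    LdapUser user = new LdapUser();
    user.setName(stringValue(attributes, "name"));
    user.setsAMAccountName(stringValue(attributes, "sAMAccountName"));
    user.setMail(stringValue(attributes, "mail"));
    return user;
}

/** Returns the first value of attribute {@code id} as a String, or null when the entry has no such attribute. */
private static String stringValue(Attributes attributes, String id) throws NamingException {
    Attribute attr = attributes.get(id);
    return attr == null ? null : (String) attr.get();
}
```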
... ...
package com.ui.ldaputil;
/**
* Created by jimi on 2017/12/26.
*/
public class LdapUser {
private String name;
private String sAMAccountName;
private String department;
private String mail;
public String getName() {
return name;
}
public void setName(String name) {
this.name = name;
}
public String getsAMAccountName() {
return sAMAccountName;
}
public void setsAMAccountName(String sAMAccountName) {
this.sAMAccountName = sAMAccountName;
}
public String getDepartment() {
return department;
}
public void setDepartment(String department) {
this.department = department;
}
public String getMail() {
return mail;
}
public void setMail(String mail) {
this.mail = mail;
}
}
... ...
package com.ui.ldaputil;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.ldap.core.support.LdapContextSource;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
/**
* Created by jimi on 2018/1/8.
*/
public class YhLdapContextSource extends LdapContextSource implements InitializingBean {
YhLdapContextSource() {
super();
}
public void afterPropertiesSet() {
super.afterPropertiesSet();
try {
SSLContext ctx = SSLContext.getInstance("TLS");
X509TrustManager tm = new X509TrustManager() {
public void checkClientTrusted(X509Certificate[] xcs, String string) throws CertificateException {
}
public void checkServerTrusted(X509Certificate[] xcs, String string) throws CertificateException {
}
public X509Certificate[] getAcceptedIssuers() {
return null;
}
};
ctx.init(null, new TrustManager[]{tm}, null);
SSLContext.setDefault(ctx);
} catch (Exception ex) {
ex.printStackTrace();
}
}
}
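Review bot: `afterPropertiesSet` installs an `X509TrustManager` whose `checkServerTrusted` accepts any certificate and then calls `SSLContext.setDefault(ctx)`, which replaces the process-wide default context — every TLS client in this JVM that relies on the default, not just the LDAP connection, loses certificate validation, and this happens even when the configured URL is plain `ldap://`. Remove the custom trust manager; if the directory presents a certificate from a private CA, import that CA into a truststore and point the JVM, or a dedicated `SSLSocketFactory` used only by this context source, at it so validation stays on. `getAcceptedIssuers` returning `null` also breaks the interface contract, which requires an array (possibly empty). `ex.printStackTrace()` should become a logger call, and a failure to set up TLS should not be swallowed silently.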
... ...
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd">
<bean id="ldapContextSource" class="com.ui.ldaputil.YhLdapContextSource">
<!--test ldaps://yoho01.local:636 -->
<!--formal ldap://yoho01.local:389 -->
<property name="url" value="ldap://yoho01.local:389"/>
<property name="base" value="dc=yoho01,dc=local"/>
<property name="userDn" value="tech@yoho01.local"/>
<property name="password" value="3nIiz2Ov38NU"/>
<property name="referral" value="follow"></property>
</bean>
<bean id="ldapTemplate" class="org.springframework.ldap.core.LdapTemplate">
<property name="contextSource" ref="ldapContextSource"/>
<property name="ignorePartialResultException" value="true"/>
</bean>
</beans>
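Review bot: The bind credential for `tech@yoho01.local` is committed in clear text in the `password` property, and the "formal" URL is plain `ldap://yoho01.local:389`, so the service-account bind and every password sent through `ldapTemplate.authenticate` cross the network unencrypted. Move the secret out of the repository — `<property name="password" value="${ldap.password}"/>` resolved from an externalised property source — and treat the value now in history as exposed, i.e. rotate it. Use `ldaps://` (the commented test URL already uses port 636) or StartTLS for the production endpoint once certificate validation in `YhLdapContextSource` is restored. `referral=follow` presumably makes the client chase referrals to other hosts with the same bind credentials; confirm that is wanted for this directory.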
... ...
... ... @@ -31,7 +31,7 @@
<h4 class="text-center mb5">Still not a user?</h4>
<p class="text-center">Please connect with the admin.</p>
<div class="mb30"></div>
<div class="mb30" style="color:red">${message}</div>
<form id="loginform" action="<%=basePath %>user/login" method="post">
<div class="input-group mb15">
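Review bot: `${message}` is rendered through bare JSP EL, which performs no HTML escaping; every value assigned to `message` in `UserCtrl.login` in this commit is a server-side constant, so it is not exploitable as committed, but the first change that echoes user input (for example the submitted login name) into the message turns it into reflected XSS. Escape at the point of output, `${fn:escapeXml(message)}` with the JSTL functions taglib or `<c:out value="${message}"/>`, so the page stays safe regardless of what controllers later put in the attribute.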
... ...