提交 253e6067 编写于 作者: nancy's avatar nancy

Ldap集成代码提交到主干版本

改动:
1. 添加ldap相关依赖,涉及两个pom.xml
2. 添加Ldap相关配置文件,LdapUserService。
3. 添加两个yml文件,用于书写自定义配置项。

注意:
UAA认证模式默认配置为,本地用户模式。
切换到Ldap配置,需要修改application-ldap.yml中的用户服务配置项。
Ldap模式中的默认认证地址为实验环境(cs环境)。
上级 0222cbcc
ibiz:
ref:
service:
# UAA provicer地址
ibzuaa-api: ibzuaa-api
uaa: ibzuaa-api
\ No newline at end of file
spring: spring:
profiles: profiles:
include: sys ,nacos, web-prod include: sys ,nacos, web-prod,uaa
application: application:
name: ibzuaa-web name: ibzuaa-web
zuul: zuul:
......
...@@ -98,6 +98,10 @@ ...@@ -98,6 +98,10 @@
<artifactId>jobs-spring-boot-starter</artifactId> <artifactId>jobs-spring-boot-starter</artifactId>
</dependency> </dependency>
<dependency>
<groupId>org.springframework.ldap</groupId>
<artifactId>spring-ldap-core</artifactId>
</dependency>
</dependencies> </dependencies>
......
package cn.ibizlab.core.uaa.extensions.service;
import cn.ibizlab.util.client.IBZOUFeignClient;
import cn.ibizlab.util.domain.IBZUSER;
import cn.ibizlab.util.errors.BadRequestAlertException;
import cn.ibizlab.util.helper.CachedBeanCopier;
import cn.ibizlab.util.mapper.IBZUSERMapper;
import cn.ibizlab.util.security.AuthenticationUser;
import cn.ibizlab.util.service.AuthenticationUserService;
import cn.ibizlab.util.service.IBZUSERService;
import com.alibaba.fastjson.JSONObject;
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.condition.ConditionalOnExpression;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.context.annotation.Lazy;
import org.springframework.context.annotation.Primary;
import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.filter.AndFilter;
import org.springframework.ldap.filter.EqualsFilter;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;
import org.springframework.util.DigestUtils;
import org.springframework.util.StringUtils;
import java.util.Collection;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
/**
* 实体[IBZUSER] 服务对象接口实现
*/
@Primary
@Service("LdapUserService")
@ConditionalOnExpression("'${ibiz.auth.service:SimpleUserService}'.equals('LdapUserService')")
public class LdapUserService extends ServiceImpl<IBZUSERMapper, IBZUSER> implements IBZUSERService, AuthenticationUserService {
@Value("${ibiz.auth.pwencrymode:0}")
private int pwencrymode;
@Autowired
private LdapTemplate ldapTemplate;
@Override
public AuthenticationUser loadUserByUsername(String username) {
AuthenticationUser user = new AuthenticationUser();
user.setUsername(username);
return user;
}
@Override
public AuthenticationUser loadUserByLogin(String username, String password){
AuthenticationUser user = new AuthenticationUser();
String[] data = username.split("[|]");
String loginname = username;
String devslnsysid = "";
if (data.length == 2) {
loginname = data[0].trim();
// devslnsysid=data[1].trim();
}
// 查询Ldap人员
AndFilter filter = new AndFilter();
if (!StringUtils.isEmpty(loginname)) {
filter.and(new EqualsFilter("uid", loginname));
}
Boolean bAuthenticate = false;
try {
// 这个方法可以查询出该用户
bAuthenticate = ldapTemplate.authenticate("ou=people", filter.encode(), password);
System.out.println(bAuthenticate);
} catch (RuntimeException e) {
bAuthenticate = false;
}
if (!bAuthenticate) {
throw new BadRequestAlertException("用户名密码错误", "IBZUSER", username);
}
user.setUsercode(loginname);
user.setUsername(loginname);
user.setLoginname(loginname);
user.setPersonname(loginname);
// user.setDomain(devslnsysid);
// user.setDevslnsysid(devslnsysid);
// user.setPassword(password);
// user.setOrgid(devslnsysid);
// user.setOrgcode(devslnsysid);
// user.setOrgname(devslnsysid);
return user;
}
public void resetByUsername(String username) {
}
public AuthenticationUser createUserDetails(IBZUSER user) {
AuthenticationUser userdatail = new AuthenticationUser();
CachedBeanCopier.copy(user,userdatail);
if(userdatail.getSuperuser()==1){
userdatail.setAuthorities(AuthorityUtils.createAuthorityList("ROLE_SUPERADMIN"));
}
return userdatail;
}
@Autowired
@Lazy
private UAACoreService uaaCoreService;
/**
* 设置用户权限
* 由于GrantedAuthority缺少无参构造,导致无法序列化,暂时通过PermissionList中转
* @param user
* @return
*/
public void setUserPermission(AuthenticationUser user) {
Collection<GrantedAuthority> userAuthorities=uaaCoreService.getAuthoritiesByUserId(user.getUserid());
Set<String> authorities = AuthorityUtils.authorityListToSet(userAuthorities);
if(user.getSuperuser()==1){
authorities.add("ROLE_SUPERADMIN");
}
JSONObject permission =new JSONObject();
permission.put("authorities",authorities);
user.setPermissionList(permission);
}
@Autowired
@Lazy
private IBZOUFeignClient ouFeignClient;
/**
* 设置用户组织相关信息
* @param user
*/
private void setUserOrgInfo(AuthenticationUser user) {
Map<String, Set<String>> orgInfo=ouFeignClient.getOUMapsByUserId(user.getUserid());
if(orgInfo==null)
orgInfo=new HashMap<>();
//throw new RuntimeException(String.format("获取用户信息失败,请检查用户中心[IBZOU]中是否存在[%s]用户!",user.getLoginname()));
user.setOrgInfo(orgInfo);
}
}
\ No newline at end of file
package cn.ibizlab.core.util.config;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.core.support.LdapContextSource;
import java.util.HashMap;
import java.util.Map;
/**
* Ldap配置
* 用于远程调用平台用户验证(用户名、密码)
*/
@Configuration
public class LdapConfiguration {
private LdapTemplate ldapTemplate;
@Value("${ldap.url:}")
private String url ;
@Value("${ldap.base:}")
private String base ;
@Value("${ldap.userdn:}")
private String userdn ;
@Value("${ldap.password:}")
private String password ;
@Bean
public LdapContextSource contextSource() {
LdapContextSource contextSource = new LdapContextSource();
Map<String, Object> config = new HashMap();
contextSource.setUrl(url);
contextSource.setBase(base);
contextSource.setUserDn(userdn);
contextSource.setPassword(password);
config.put("java.naming.ldap.attributes.binary", "objectGUID");
contextSource.setPooled(true);
contextSource.setBaseEnvironmentProperties(config);
return contextSource;
}
@Bean
public LdapTemplate ldapTemplate() {
if (null == ldapTemplate)
ldapTemplate = new LdapTemplate(contextSource());
return ldapTemplate;
}
}
\ No newline at end of file
ibiz:
auth:
# 指定用于认证的用户服务,
# UAAUserService :使用系统配置关联的(本系统)数据库用户。
# LdapUserService :使用Ldap服务,进行远端数据验证(平台账号服务)。
service: UAAUserService
ldap:
url: ldap://172.16.170.10:389
base: dc=ibizsys,dc=net
userdn: cn=Manager,dc=ibizsys,dc=net
password: testldap
\ No newline at end of file
...@@ -88,6 +88,7 @@ ...@@ -88,6 +88,7 @@
<oracle.version>11.2.0.3</oracle.version> <oracle.version>11.2.0.3</oracle.version>
<postgresql.version>42.2.6</postgresql.version> <postgresql.version>42.2.6</postgresql.version>
<ldap.version>5.3.3.RELEASE</ldap.version>
</properties> </properties>
...@@ -270,6 +271,11 @@ ...@@ -270,6 +271,11 @@
<version>${baomidou-jobs.version}</version> <version>${baomidou-jobs.version}</version>
</dependency> </dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-ldap</artifactId>
<version>${ldap.version}</version>
</dependency>
</dependencies> </dependencies>
</dependencyManagement> </dependencyManagement>
......
...@@ -47,7 +47,7 @@ public class ClientAuthenticationResource ...@@ -47,7 +47,7 @@ public class ClientAuthenticationResource
private AuthTokenUtil jwtTokenUtil; private AuthTokenUtil jwtTokenUtil;
@Autowired @Autowired
@Qualifier("UAAUserService") // @Qualifier("UAAUserService")
private AuthenticationUserService userDetailsService; private AuthenticationUserService userDetailsService;
@Autowired @Autowired
......
spring: spring:
profiles: profiles:
include: sys ,nacos, api-prod include: sys ,nacos, api-prod, ldap
application: application:
name: ibzuaa-api name: ibzuaa-api
\ No newline at end of file
Markdown 格式
0% or
您添加了 0 到此讨论。请谨慎行事。
先完成此消息的编辑!
想要评论请 注册