提交 5f927fc5 编写于 作者: nancy's avatar nancy

Ldap相关代码迁移

上级 3e997c64
......@@ -10,7 +10,9 @@ import cn.ibizlab.util.service.AuthenticationUserService;
import cn.ibizlab.util.service.IBZUSERService;
import com.alibaba.fastjson.JSONObject;
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.baomidou.mybatisplus.core.toolkit.Wrappers;
import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.condition.ConditionalOnExpression;
......@@ -24,132 +26,165 @@ import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;
import org.springframework.util.CollectionUtils;
import org.springframework.util.DigestUtils;
import org.springframework.util.StringUtils;
import java.util.Collection;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import java.util.*;
/**
* 实体[IBZUSER] 服务对象接口实现
*/
@Primary
@Slf4j
@Service("LdapUserService")
@ConditionalOnExpression("'${ibiz.auth.service:SimpleUserService}'.equals('LdapUserService')")
public class LdapUserService extends ServiceImpl<IBZUSERMapper, IBZUSER> implements IBZUSERService, AuthenticationUserService {
@Value("${ibiz.auth.pwencrymode:0}")
private int pwencrymode;
@Autowired
private LdapTemplate ldapTemplate;
@Override
public AuthenticationUser loadUserByUsername(String username) {
AuthenticationUser user = new AuthenticationUser();
user.setUsername(username);
return user;
}
@Override
public AuthenticationUser loadUserByLogin(String username, String password){
AuthenticationUser user = new AuthenticationUser();
String[] data = username.split("[|]");
String loginname = username;
String devslnsysid = "";
if (data.length == 2) {
loginname = data[0].trim();
@Value("${ibiz.auth.pwencrymode:0}")
private int pwencrymode;
@Autowired
private LdapTemplate ldapTemplate;
@Override
public AuthenticationUser loadUserByUsername(String username) {
if (StringUtils.isEmpty(username))
throw new UsernameNotFoundException("用户名为空");
QueryWrapper<IBZUSER> conds = new QueryWrapper<IBZUSER>();
String[] data = username.split("[|]");
String loginname = "";
String domains = "";
if (data.length > 0)
loginname = data[0].trim();
if (data.length > 1)
domains = data[1].trim();
if (!StringUtils.isEmpty(loginname))
conds.eq("loginname", loginname);
if (!StringUtils.isEmpty(domains))
conds.eq("domains", domains);
IBZUSER user = this.getOne(conds);
if (user == null) {
throw new UsernameNotFoundException("用户" + username + "未找到");
} else {
user.setUsername(username);
AuthenticationUser curUser = createUserDetails(user);
if (curUser.getPermissionList() == null) {
setUserPermission(curUser);
setUserOrgInfo(curUser);
}
return curUser;
}
}
@Override
public AuthenticationUser loadUserByLogin(String username, String password) {
//获取用户
AuthenticationUser user = loadUserByUsername(username);
if (1 == user.getSuperuser()) {
if (pwencrymode == 1)
password = DigestUtils.md5DigestAsHex(password.getBytes());
else if (pwencrymode == 2)
password = DigestUtils.md5DigestAsHex(String.format("%1$s||%2$s", username, password).getBytes());
if (!user.getPassword().equals(password)) {
throw new BadRequestAlertException("用户名密码错误", "IBZUSER", username);
}
} else {
//Ldap 认证。
authenticateByLdap(username, password);
}
return user;
}
private void authenticateByLdap(String username, String password) {
String[] data = username.split("[|]");
String loginname = username;
String devslnsysid = "";
if (data.length == 2) {
loginname = data[0].trim();
// devslnsysid=data[1].trim();
}
// 查询Ldap人员
AndFilter filter = new AndFilter();
if (!StringUtils.isEmpty(loginname)) {
filter.and(new EqualsFilter("uid", loginname));
}
Boolean bAuthenticate = false;
try {
// 这个方法可以查询出该用户
bAuthenticate = ldapTemplate.authenticate("ou=people", filter.encode(), password);
System.out.println(bAuthenticate);
} catch (RuntimeException e) {
bAuthenticate = false;
}
if (!bAuthenticate) {
throw new BadRequestAlertException("用户名密码错误", "IBZUSER", username);
}
user.setUsercode(loginname);
user.setUsername(loginname);
user.setLoginname(loginname);
user.setPersonname(loginname);
// user.setDomain(devslnsysid);
// user.setDevslnsysid(devslnsysid);
// user.setPassword(password);
// user.setOrgid(devslnsysid);
// user.setOrgcode(devslnsysid);
// user.setOrgname(devslnsysid);
return user;
}
public void resetByUsername(String username) {
}
public AuthenticationUser createUserDetails(IBZUSER user) {
AuthenticationUser userdatail = new AuthenticationUser();
CachedBeanCopier.copy(user,userdatail);
if(userdatail.getSuperuser()==1){
userdatail.setAuthorities(AuthorityUtils.createAuthorityList("ROLE_SUPERADMIN"));
}
return userdatail;
}
@Autowired
@Lazy
private UAACoreService uaaCoreService;
/**
* 设置用户权限
* 由于GrantedAuthority缺少无参构造,导致无法序列化,暂时通过PermissionList中转
* @param user
* @return
*/
public void setUserPermission(AuthenticationUser user) {
Collection<GrantedAuthority> userAuthorities=uaaCoreService.getAuthoritiesByUserId(user.getUserid());
Set<String> authorities = AuthorityUtils.authorityListToSet(userAuthorities);
if(user.getSuperuser()==1){
authorities.add("ROLE_SUPERADMIN");
}
JSONObject permission =new JSONObject();
permission.put("authorities",authorities);
user.setPermissionList(permission);
}
@Autowired
@Lazy
private IBZOUFeignClient ouFeignClient;
/**
* 设置用户组织相关信息
* @param user
*/
private void setUserOrgInfo(AuthenticationUser user) {
Map<String, Set<String>> orgInfo=ouFeignClient.getOUMapsByUserId(user.getUserid());
if(orgInfo==null)
orgInfo=new HashMap<>();
//throw new RuntimeException(String.format("获取用户信息失败,请检查用户中心[IBZOU]中是否存在[%s]用户!",user.getLoginname()));
user.setOrgInfo(orgInfo);
}
}
// 查询Ldap人员
AndFilter filter = new AndFilter();
if (!StringUtils.isEmpty(loginname)) {
filter.and(new EqualsFilter("uid", loginname));
}
Boolean bAuthenticate = false;
try {
// 这个方法可以查询出该用户
bAuthenticate = ldapTemplate.authenticate("ou=people", filter.encode(), password);
System.out.println(bAuthenticate);
} catch (RuntimeException e) {
bAuthenticate = false;
}
if (!bAuthenticate) {
throw new BadRequestAlertException("用户名或密码错误。", "IBZUSER", username);
}
}
public void resetByUsername(String username) {
}
public AuthenticationUser createUserDetails(IBZUSER user) {
AuthenticationUser userdatail = new AuthenticationUser();
CachedBeanCopier.copy(user, userdatail);
if (userdatail.getSuperuser() == 1) {
userdatail.setAuthorities(AuthorityUtils.createAuthorityList("ROLE_SUPERADMIN"));
}
return userdatail;
}
@Autowired
@Lazy
private UAACoreService uaaCoreService;
/**
* 设置用户权限
* 由于GrantedAuthority缺少无参构造,导致无法序列化,暂时通过PermissionList中转
*
* @param user
* @return
*/
public void setUserPermission(AuthenticationUser user) {
Collection<GrantedAuthority> userAuthorities = uaaCoreService.getAuthoritiesByUserId(user.getUserid());
Set<String> authorities = AuthorityUtils.authorityListToSet(userAuthorities);
if (user.getSuperuser() == 1) {
authorities.add("ROLE_SUPERADMIN");
}
JSONObject permission = new JSONObject();
permission.put("authorities", authorities);
user.setPermissionList(permission);
}
@Autowired
@Lazy
private IBZOUFeignClient ouFeignClient;
/**
* 设置用户组织相关信息
*
* @param user
*/
private void setUserOrgInfo(AuthenticationUser user) {
Map<String, Set<String>> orgInfo = ouFeignClient.getOUMapsByUserId(user.getUserid());
if (orgInfo == null)
orgInfo = new HashMap<>();
//throw new RuntimeException(String.format("获取用户信息失败,请检查用户中心[IBZOU]中是否存在[%s]用户!",user.getLoginname()));
user.setOrgInfo(orgInfo);
}
}
\ No newline at end of file
Markdown 格式
0% or
您添加了 0 到此讨论。请谨慎行事。
先完成此消息的编辑!
想要评论请 注册