ibiz4jteam
ibzuaa
提交
5f927fc5
提交
5f927fc5
编写于
9月 07, 2020
作者:
nancy
Ldap相关代码迁移
上级
3e997c64
变更
1
正在显示
1 个修改的文件
包含
149 行增加
和
114 行删除
+149
-114
LdapUserService.java
.../ibizlab/core/uaa/extensions/service/LdapUserService.java
+149
-114
ibzuaa-core/src/main/java/cn/ibizlab/core/uaa/extensions/service/LdapUserService.java
...
...
@@ -10,7 +10,9 @@ import cn.ibizlab.util.service.AuthenticationUserService;
import
cn.ibizlab.util.service.IBZUSERService
;
import
com.alibaba.fastjson.JSONObject
;
import
com.baomidou.mybatisplus.core.conditions.query.QueryWrapper
;
import
com.baomidou.mybatisplus.core.toolkit.Wrappers
;
import
com.baomidou.mybatisplus.extension.service.impl.ServiceImpl
;
import
lombok.extern.slf4j.Slf4j
;
import
org.springframework.beans.factory.annotation.Autowired
;
import
org.springframework.beans.factory.annotation.Value
;
import
org.springframework.boot.autoconfigure.condition.ConditionalOnExpression
;
...
...
@@ -24,132 +26,165 @@ import org.springframework.security.core.GrantedAuthority;
import
org.springframework.security.core.authority.AuthorityUtils
;
import
org.springframework.security.core.userdetails.UsernameNotFoundException
;
import
org.springframework.stereotype.Service
;
import
org.springframework.util.CollectionUtils
;
import
org.springframework.util.DigestUtils
;
import
org.springframework.util.StringUtils
;
import
java.util.Collection
;
import
java.util.HashMap
;
import
java.util.Map
;
import
java.util.Set
;
import
java.util.*
;
/**
* 实体[IBZUSER] 服务对象接口实现
*/
@Primary
@Slf4j
@Service
(
"LdapUserService"
)
@ConditionalOnExpression
(
"'${ibiz.auth.service:SimpleUserService}'.equals('LdapUserService')"
)
public
class
LdapUserService
extends
ServiceImpl
<
IBZUSERMapper
,
IBZUSER
>
implements
IBZUSERService
,
AuthenticationUserService
{
@Value
(
"${ibiz.auth.pwencrymode:0}"
)
private
int
pwencrymode
;
@Autowired
private
LdapTemplate
ldapTemplate
;
@Override
public
AuthenticationUser
loadUserByUsername
(
String
username
)
{
AuthenticationUser
user
=
new
AuthenticationUser
();
user
.
setUsername
(
username
);
return
user
;
}
@Override
public
AuthenticationUser
loadUserByLogin
(
String
username
,
String
password
){
AuthenticationUser
user
=
new
AuthenticationUser
();
String
[]
data
=
username
.
split
(
"[|]"
);
String
loginname
=
username
;
String
devslnsysid
=
""
;
if
(
data
.
length
==
2
)
{
loginname
=
data
[
0
].
trim
();
@Value
(
"${ibiz.auth.pwencrymode:0}"
)
private
int
pwencrymode
;
@Autowired
private
LdapTemplate
ldapTemplate
;
@Override
public
AuthenticationUser
loadUserByUsername
(
String
username
)
{
if
(
StringUtils
.
isEmpty
(
username
))
throw
new
UsernameNotFoundException
(
"用户名为空"
);
QueryWrapper
<
IBZUSER
>
conds
=
new
QueryWrapper
<
IBZUSER
>();
String
[]
data
=
username
.
split
(
"[|]"
);
String
loginname
=
""
;
String
domains
=
""
;
if
(
data
.
length
>
0
)
loginname
=
data
[
0
].
trim
();
if
(
data
.
length
>
1
)
domains
=
data
[
1
].
trim
();
if
(!
StringUtils
.
isEmpty
(
loginname
))
conds
.
eq
(
"loginname"
,
loginname
);
if
(!
StringUtils
.
isEmpty
(
domains
))
conds
.
eq
(
"domains"
,
domains
);
IBZUSER
user
=
this
.
getOne
(
conds
);
if
(
user
==
null
)
{
throw
new
UsernameNotFoundException
(
"用户"
+
username
+
"未找到"
);
}
else
{
user
.
setUsername
(
username
);
AuthenticationUser
curUser
=
createUserDetails
(
user
);
if
(
curUser
.
getPermissionList
()
==
null
)
{
setUserPermission
(
curUser
);
setUserOrgInfo
(
curUser
);
}
return
curUser
;
}
}
@Override
public
AuthenticationUser
loadUserByLogin
(
String
username
,
String
password
)
{
//获取用户
AuthenticationUser
user
=
loadUserByUsername
(
username
);
if
(
1
==
user
.
getSuperuser
())
{
if
(
pwencrymode
==
1
)
password
=
DigestUtils
.
md5DigestAsHex
(
password
.
getBytes
());
else
if
(
pwencrymode
==
2
)
password
=
DigestUtils
.
md5DigestAsHex
(
String
.
format
(
"%1$s||%2$s"
,
username
,
password
).
getBytes
());
if
(!
user
.
getPassword
().
equals
(
password
))
{
throw
new
BadRequestAlertException
(
"用户名密码错误"
,
"IBZUSER"
,
username
);
}
}
else
{
//Ldap 认证。
authenticateByLdap
(
username
,
password
);
}
return
user
;
}
private
void
authenticateByLdap
(
String
username
,
String
password
)
{
String
[]
data
=
username
.
split
(
"[|]"
);
String
loginname
=
username
;
String
devslnsysid
=
""
;
if
(
data
.
length
==
2
)
{
loginname
=
data
[
0
].
trim
();
// devslnsysid=data[1].trim();
}
// 查询Ldap人员
AndFilter
filter
=
new
AndFilter
();
if
(!
StringUtils
.
isEmpty
(
loginname
))
{
filter
.
and
(
new
EqualsFilter
(
"uid"
,
loginname
));
}
Boolean
bAuthenticate
=
false
;
try
{
// 这个方法可以查询出该用户
bAuthenticate
=
ldapTemplate
.
authenticate
(
"ou=people"
,
filter
.
encode
(),
password
);
System
.
out
.
println
(
bAuthenticate
);
}
catch
(
RuntimeException
e
)
{
bAuthenticate
=
false
;
}
if
(!
bAuthenticate
)
{
throw
new
BadRequestAlertException
(
"用户名密码错误"
,
"IBZUSER"
,
username
);
}
user
.
setUsercode
(
loginname
);
user
.
setUsername
(
loginname
);
user
.
setLoginname
(
loginname
);
user
.
setPersonname
(
loginname
);
// user.setDomain(devslnsysid);
// user.setDevslnsysid(devslnsysid);
// user.setPassword(password);
// user.setOrgid(devslnsysid);
// user.setOrgcode(devslnsysid);
// user.setOrgname(devslnsysid);
return
user
;
}
public
void
resetByUsername
(
String
username
)
{
}
public
AuthenticationUser
createUserDetails
(
IBZUSER
user
)
{
AuthenticationUser
userdatail
=
new
AuthenticationUser
();
CachedBeanCopier
.
copy
(
user
,
userdatail
);
if
(
userdatail
.
getSuperuser
()==
1
){
userdatail
.
setAuthorities
(
AuthorityUtils
.
createAuthorityList
(
"ROLE_SUPERADMIN"
));
}
return
userdatail
;
}
@Autowired
@Lazy
private
UAACoreService
uaaCoreService
;
/**
* 设置用户权限
* 由于GrantedAuthority缺少无参构造,导致无法序列化,暂时通过PermissionList中转
* @param user
* @return
*/
public
void
setUserPermission
(
AuthenticationUser
user
)
{
Collection
<
GrantedAuthority
>
userAuthorities
=
uaaCoreService
.
getAuthoritiesByUserId
(
user
.
getUserid
());
Set
<
String
>
authorities
=
AuthorityUtils
.
authorityListToSet
(
userAuthorities
);
if
(
user
.
getSuperuser
()==
1
){
authorities
.
add
(
"ROLE_SUPERADMIN"
);
}
JSONObject
permission
=
new
JSONObject
();
permission
.
put
(
"authorities"
,
authorities
);
user
.
setPermissionList
(
permission
);
}
@Autowired
@Lazy
private
IBZOUFeignClient
ouFeignClient
;
/**
* 设置用户组织相关信息
* @param user
*/
private
void
setUserOrgInfo
(
AuthenticationUser
user
)
{
Map
<
String
,
Set
<
String
>>
orgInfo
=
ouFeignClient
.
getOUMapsByUserId
(
user
.
getUserid
());
if
(
orgInfo
==
null
)
orgInfo
=
new
HashMap
<>();
//throw new RuntimeException(String.format("获取用户信息失败,请检查用户中心[IBZOU]中是否存在[%s]用户!",user.getLoginname()));
user
.
setOrgInfo
(
orgInfo
);
}
}
// 查询Ldap人员
AndFilter
filter
=
new
AndFilter
();
if
(!
StringUtils
.
isEmpty
(
loginname
))
{
filter
.
and
(
new
EqualsFilter
(
"uid"
,
loginname
));
}
Boolean
bAuthenticate
=
false
;
try
{
// 这个方法可以查询出该用户
bAuthenticate
=
ldapTemplate
.
authenticate
(
"ou=people"
,
filter
.
encode
(),
password
);
System
.
out
.
println
(
bAuthenticate
);
}
catch
(
RuntimeException
e
)
{
bAuthenticate
=
false
;
}
if
(!
bAuthenticate
)
{
throw
new
BadRequestAlertException
(
"用户名或密码错误。"
,
"IBZUSER"
,
username
);
}
}
public
void
resetByUsername
(
String
username
)
{
}
public
AuthenticationUser
createUserDetails
(
IBZUSER
user
)
{
AuthenticationUser
userdatail
=
new
AuthenticationUser
();
CachedBeanCopier
.
copy
(
user
,
userdatail
);
if
(
userdatail
.
getSuperuser
()
==
1
)
{
userdatail
.
setAuthorities
(
AuthorityUtils
.
createAuthorityList
(
"ROLE_SUPERADMIN"
));
}
return
userdatail
;
}
@Autowired
@Lazy
private
UAACoreService
uaaCoreService
;
/**
* 设置用户权限
* 由于GrantedAuthority缺少无参构造,导致无法序列化,暂时通过PermissionList中转
*
* @param user
* @return
*/
public
void
setUserPermission
(
AuthenticationUser
user
)
{
Collection
<
GrantedAuthority
>
userAuthorities
=
uaaCoreService
.
getAuthoritiesByUserId
(
user
.
getUserid
());
Set
<
String
>
authorities
=
AuthorityUtils
.
authorityListToSet
(
userAuthorities
);
if
(
user
.
getSuperuser
()
==
1
)
{
authorities
.
add
(
"ROLE_SUPERADMIN"
);
}
JSONObject
permission
=
new
JSONObject
();
permission
.
put
(
"authorities"
,
authorities
);
user
.
setPermissionList
(
permission
);
}
@Autowired
@Lazy
private
IBZOUFeignClient
ouFeignClient
;
/**
* 设置用户组织相关信息
*
* @param user
*/
private
void
setUserOrgInfo
(
AuthenticationUser
user
)
{
Map
<
String
,
Set
<
String
>>
orgInfo
=
ouFeignClient
.
getOUMapsByUserId
(
user
.
getUserid
());
if
(
orgInfo
==
null
)
orgInfo
=
new
HashMap
<>();
//throw new RuntimeException(String.format("获取用户信息失败,请检查用户中心[IBZOU]中是否存在[%s]用户!",user.getLoginname()));
user
.
setOrgInfo
(
orgInfo
);
}
}
\ No newline at end of file
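Review bot: `authenticateByLdap` passes `password` to `ldapTemplate.authenticate("ou=people", filter.encode(), password)` without rejecting a null or empty value, and `loadUserByLogin` does not check it either; a simple bind with an empty password is an unauthenticated bind that some directory servers accept, so fail early with `if (StringUtils.isEmpty(password)) throw new BadRequestAlertException("用户名或密码错误。", "IBZUSER", username);` at the top of `loadUserByLogin`. In the same method `catch (RuntimeException e)` sets `bAuthenticate = false` without logging, so a directory outage is indistinguishable from a wrong password, and `System.out.println(bAuthenticate)` bypasses the class's `@Slf4j` logger; `log.warn("LDAP bind failed", e);` in the catch and dropping the println would cover both. The superuser branch of `loadUserByLogin` compares an unsalted MD5 hex digest with `String.equals`, calls `password.getBytes()` with the platform charset, and will throw a NullPointerException if `user.getPassword()` is null; `MessageDigest.isEqual` over UTF-8 bytes gives a constant-time comparison, while moving the stored format to a salted password hash (for example a Spring Security `PasswordEncoder`) is a larger change outside this commit. The rendered page lost its +/- markers, so this review takes the block whose `loadUserByUsername` does the `QueryWrapper` lookup as the new side.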