Merge remote-tracking branch 'origin/master'

d61f0ded · laizhilong · 7ff24fb9 · 253e6067 · d61f0ded · d61f0ded
--- a/ibzuaa-app/ibzuaa-app-web/src/main/resources/application-uaa.yml
+++ b/ibzuaa-app/ibzuaa-app-web/src/main/resources/application-uaa.yml
+ibiz:
+  ref:
+    service:
+      # UAA provicer地址
+      ibzuaa-api: ibzuaa-api
+      uaa: ibzuaa-api
\ No newline at end of file
--- a/ibzuaa-app/ibzuaa-app-web/src/main/resources/application.yml
+++ b/ibzuaa-app/ibzuaa-app-web/src/main/resources/application.yml
 spring:
  profiles:
-    include: sys ,nacos, web-prod
+    include: sys ,nacos, web-prod，uaa
  application:
    name: ibzuaa-web
 zuul:

--- a/ibzuaa-core/pom.xml
+++ b/ibzuaa-core/pom.xml
@@ -98,6 +98,10 @@
            <artifactId>jobs-spring-boot-starter</artifactId>
        </dependency>

+        <dependency>
+            <groupId>org.springframework.ldap</groupId>
+            <artifactId>spring-ldap-core</artifactId>
+        </dependency>

 	</dependencies>


--- a/ibzuaa-core/src/main/java/cn/ibizlab/core/uaa/extensions/service/LdapUserService.java
+++ b/ibzuaa-core/src/main/java/cn/ibizlab/core/uaa/extensions/service/LdapUserService.java
+package cn.ibizlab.core.uaa.extensions.service;
+
+import cn.ibizlab.util.client.IBZOUFeignClient;
+import cn.ibizlab.util.domain.IBZUSER;
+import cn.ibizlab.util.errors.BadRequestAlertException;
+import cn.ibizlab.util.helper.CachedBeanCopier;
+import cn.ibizlab.util.mapper.IBZUSERMapper;
+import cn.ibizlab.util.security.AuthenticationUser;
+import cn.ibizlab.util.service.AuthenticationUserService;
+import cn.ibizlab.util.service.IBZUSERService;
+import com.alibaba.fastjson.JSONObject;
+import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
+import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnExpression;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.springframework.context.annotation.Lazy;
+import org.springframework.context.annotation.Primary;
+import org.springframework.ldap.core.LdapTemplate;
+import org.springframework.ldap.filter.AndFilter;
+import org.springframework.ldap.filter.EqualsFilter;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.AuthorityUtils;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.stereotype.Service;
+import org.springframework.util.DigestUtils;
+import org.springframework.util.StringUtils;
+
+import java.util.Collection;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Set;
+
+/**
+ * 实体[IBZUSER] 服务对象接口实现
+ */
+
+@Primary
+@Service("LdapUserService")
+@ConditionalOnExpression("'${ibiz.auth.service:SimpleUserService}'.equals('LdapUserService')")
+public class LdapUserService extends ServiceImpl<IBZUSERMapper, IBZUSER> implements IBZUSERService, AuthenticationUserService {
+
+	@Value("${ibiz.auth.pwencrymode:0}")
+	private int pwencrymode;
+	@Autowired
+	private LdapTemplate ldapTemplate;
+
+	@Override
+	public AuthenticationUser loadUserByUsername(String username) {
+		AuthenticationUser user = new AuthenticationUser();
+		user.setUsername(username);
+		return user;
+	}
+
+	@Override
+	public AuthenticationUser loadUserByLogin(String username, String password){
+		AuthenticationUser user = new AuthenticationUser();
+		String[] data = username.split("[|]");
+		String loginname = username;
+		String devslnsysid = "";
+
+		if (data.length == 2) {
+			loginname = data[0].trim();
+//			devslnsysid=data[1].trim();
+		}
+
+		// 查询Ldap人员
+		AndFilter filter = new AndFilter();
+		if (!StringUtils.isEmpty(loginname)) {
+			filter.and(new EqualsFilter("uid", loginname));
+		}
+
+		Boolean bAuthenticate = false;
+		try {
+			// 这个方法可以查询出该用户
+			bAuthenticate = ldapTemplate.authenticate("ou=people", filter.encode(), password);
+			System.out.println(bAuthenticate);
+		} catch (RuntimeException e) {
+			bAuthenticate = false;
+		}
+
+		if (!bAuthenticate) {
+			throw new BadRequestAlertException("用户名密码错误", "IBZUSER", username);
+		}
+
+		user.setUsercode(loginname);
+		user.setUsername(loginname);
+		user.setLoginname(loginname);
+		user.setPersonname(loginname);
+//		user.setDomain(devslnsysid);
+//		user.setDevslnsysid(devslnsysid);
+//		user.setPassword(password);
+//		user.setOrgid(devslnsysid);
+//		user.setOrgcode(devslnsysid);
+//		user.setOrgname(devslnsysid);
+
+		return user;
+	}
+
+
+	public void resetByUsername(String username) {
+
+	}
+
+	public  AuthenticationUser createUserDetails(IBZUSER user) {
+		AuthenticationUser userdatail = new AuthenticationUser();
+		CachedBeanCopier.copy(user,userdatail);
+		if(userdatail.getSuperuser()==1){
+			userdatail.setAuthorities(AuthorityUtils.createAuthorityList("ROLE_SUPERADMIN"));
+		}
+		return userdatail;
+	}
+
+
+	@Autowired
+	@Lazy
+	private UAACoreService uaaCoreService;
+
+
+	/**
+	 * 设置用户权限
+	 * 由于GrantedAuthority缺少无参构造，导致无法序列化，暂时通过PermissionList中转
+	 * @param user
+	 * @return
+	 */
+	public void setUserPermission(AuthenticationUser user) {
+		Collection<GrantedAuthority> userAuthorities=uaaCoreService.getAuthoritiesByUserId(user.getUserid());
+		Set<String> authorities = AuthorityUtils.authorityListToSet(userAuthorities);
+		if(user.getSuperuser()==1){
+			authorities.add("ROLE_SUPERADMIN");
+		}
+		JSONObject permission =new JSONObject();
+		permission.put("authorities",authorities);
+		user.setPermissionList(permission);
+	}
+
+	@Autowired
+	@Lazy
+	private IBZOUFeignClient ouFeignClient;
+
+	/**
+	 * 设置用户组织相关信息
+	 * @param user
+	 */
+	private void setUserOrgInfo(AuthenticationUser user) {
+
+		Map<String, Set<String>> orgInfo=ouFeignClient.getOUMapsByUserId(user.getUserid());
+		if(orgInfo==null)
+			orgInfo=new HashMap<>();
+		//throw new RuntimeException(String.format("获取用户信息失败，请检查用户中心[IBZOU]中是否存在[%s]用户!",user.getLoginname()));
+
+		user.setOrgInfo(orgInfo);
+	}
+}
\ No newline at end of file
--- a/ibzuaa-core/src/main/java/cn/ibizlab/core/util/config/LdapConfiguration.java
+++ b/ibzuaa-core/src/main/java/cn/ibizlab/core/util/config/LdapConfiguration.java
+package cn.ibizlab.core.util.config;
+
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.ldap.core.LdapTemplate;
+import org.springframework.ldap.core.support.LdapContextSource;
+
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * Ldap配置
+ * 用于远程调用平台用户验证（用户名、密码）
+ */
+@Configuration
+public class LdapConfiguration {
+
+    private LdapTemplate ldapTemplate;
+    
+    @Value("${ldap.url:}")
+    private String url ;
+
+    @Value("${ldap.base:}")
+    private String base ;
+    
+    @Value("${ldap.userdn:}")
+    private String userdn ;
+
+    @Value("${ldap.password:}")
+    private String password ;
+
+    @Bean
+    public LdapContextSource contextSource() {
+        LdapContextSource contextSource = new LdapContextSource();
+        Map<String, Object> config = new HashMap();
+        contextSource.setUrl(url);
+        contextSource.setBase(base);
+        contextSource.setUserDn(userdn);
+        contextSource.setPassword(password);
+        config.put("java.naming.ldap.attributes.binary", "objectGUID");
+        contextSource.setPooled(true);
+        contextSource.setBaseEnvironmentProperties(config);
+        return contextSource;
+    }
+ 
+    @Bean
+    public LdapTemplate ldapTemplate() {
+        if (null == ldapTemplate)
+            ldapTemplate = new LdapTemplate(contextSource());
+        return ldapTemplate;
+    }
+
+}
\ No newline at end of file
--- a/ibzuaa-core/src/main/resources/application-ldap.yml
+++ b/ibzuaa-core/src/main/resources/application-ldap.yml
+ibiz:
+  auth:
+    # 指定用于认证的用户服务，
+    # UAAUserService ：使用系统配置关联的（本系统）数据库用户。
+    # LdapUserService ：使用Ldap服务，进行远端数据验证（平台账号服务）。
+    service: UAAUserService
+
+ldap:
+  url: ldap://172.16.170.10:389
+  base: dc=ibizsys,dc=net
+  userdn: cn=Manager,dc=ibizsys,dc=net
+  password: testldap
\ No newline at end of file
--- a/ibzuaa-dependencies/pom.xml
+++ b/ibzuaa-dependencies/pom.xml
@@ -88,6 +88,7 @@

        <oracle.version>11.2.0.3</oracle.version>
        <postgresql.version>42.2.6</postgresql.version>
+        <ldap.version>5.3.3.RELEASE</ldap.version>

    </properties>

@@ -270,6 +271,11 @@
                <version>${baomidou-jobs.version}</version>
            </dependency>

+            <dependency>
+                <groupId>org.springframework.security</groupId>
+                <artifactId>spring-security-ldap</artifactId>
+                <version>${ldap.version}</version>
+            </dependency>

        </dependencies>
    </dependencyManagement>

--- a/ibzuaa-provider/ibzuaa-provider-api/src/main/java/cn/ibizlab/api/rest/extensions/ClientAuthenticationResource.java
+++ b/ibzuaa-provider/ibzuaa-provider-api/src/main/java/cn/ibizlab/api/rest/extensions/ClientAuthenticationResource.java
@@ -47,7 +47,7 @@ public class ClientAuthenticationResource
    private AuthTokenUtil jwtTokenUtil;

    @Autowired
-    @Qualifier("UAAUserService")
+//    @Qualifier("UAAUserService")
    private AuthenticationUserService userDetailsService;

    @Autowired

--- a/ibzuaa-provider/ibzuaa-provider-api/src/main/resources/application.yml
+++ b/ibzuaa-provider/ibzuaa-provider-api/src/main/resources/application.yml
 spring:
  profiles:
-    include: sys ,nacos, api-prod
+    include: sys ,nacos, api-prod, ldap
  application:
    name: ibzuaa-api
\ No newline at end of file