Skip to content
项目
群组
代码片段
帮助
正在加载...
帮助
提交反馈
为 GitLab 提交贡献
登录
切换导航
I
ibzuaa
项目
项目
详情
动态
版本
周期分析
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
统计图
议题
0
议题
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
CI / CD
CI / CD
流水线
作业
计划
统计图
Wiki
Wiki
代码片段
代码片段
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
统计图
创建新议题
作业
提交
议题看板
打开侧边栏
ibiz4jteam
ibzuaa
提交
d61f0ded
提交
d61f0ded
编写于
8月 03, 2020
作者:
laizhilong
浏览文件
操作
浏览文件
下载
差异文件
Merge remote-tracking branch 'origin/master'
上级
7ff24fb9
253e6067
变更
9
隐藏空白字符变更
内嵌
并排
正在显示
9 个修改的文件
包含
240 行增加
和
3 行删除
+240
-3
application-uaa.yml
...app/ibzuaa-app-web/src/main/resources/application-uaa.yml
+6
-0
application.yml
ibzuaa-app/ibzuaa-app-web/src/main/resources/application.yml
+1
-1
pom.xml
ibzuaa-core/pom.xml
+4
-0
LdapUserService.java
.../ibizlab/core/uaa/extensions/service/LdapUserService.java
+155
-0
LdapConfiguration.java
...n/java/cn/ibizlab/core/util/config/LdapConfiguration.java
+54
-0
application-ldap.yml
ibzuaa-core/src/main/resources/application-ldap.yml
+12
-0
pom.xml
ibzuaa-dependencies/pom.xml
+6
-0
ClientAuthenticationResource.java
...lab/api/rest/extensions/ClientAuthenticationResource.java
+1
-1
application.yml
...er/ibzuaa-provider-api/src/main/resources/application.yml
+1
-1
未找到文件。
ibzuaa-app/ibzuaa-app-web/src/main/resources/application-uaa.yml
0 → 100644
浏览文件 @
d61f0ded
ibiz
:
ref
:
service
:
# UAA provicer地址
ibzuaa-api
:
ibzuaa-api
uaa
:
ibzuaa-api
\ No newline at end of file
ibzuaa-app/ibzuaa-app-web/src/main/resources/application.yml
浏览文件 @
d61f0ded
spring
:
spring
:
profiles
:
profiles
:
include
:
sys ,nacos, web-prod
include
:
sys ,nacos, web-prod
,uaa
application
:
application
:
name
:
ibzuaa-web
name
:
ibzuaa-web
zuul
:
zuul
:
...
...
ibzuaa-core/pom.xml
浏览文件 @
d61f0ded
...
@@ -98,6 +98,10 @@
...
@@ -98,6 +98,10 @@
<artifactId>
jobs-spring-boot-starter
</artifactId>
<artifactId>
jobs-spring-boot-starter
</artifactId>
</dependency>
</dependency>
<dependency>
<groupId>
org.springframework.ldap
</groupId>
<artifactId>
spring-ldap-core
</artifactId>
</dependency>
</dependencies>
</dependencies>
...
...
ibzuaa-core/src/main/java/cn/ibizlab/core/uaa/extensions/service/LdapUserService.java
0 → 100644
浏览文件 @
d61f0ded
package
cn
.
ibizlab
.
core
.
uaa
.
extensions
.
service
;
import
cn.ibizlab.util.client.IBZOUFeignClient
;
import
cn.ibizlab.util.domain.IBZUSER
;
import
cn.ibizlab.util.errors.BadRequestAlertException
;
import
cn.ibizlab.util.helper.CachedBeanCopier
;
import
cn.ibizlab.util.mapper.IBZUSERMapper
;
import
cn.ibizlab.util.security.AuthenticationUser
;
import
cn.ibizlab.util.service.AuthenticationUserService
;
import
cn.ibizlab.util.service.IBZUSERService
;
import
com.alibaba.fastjson.JSONObject
;
import
com.baomidou.mybatisplus.core.conditions.query.QueryWrapper
;
import
com.baomidou.mybatisplus.extension.service.impl.ServiceImpl
;
import
org.springframework.beans.factory.annotation.Autowired
;
import
org.springframework.beans.factory.annotation.Value
;
import
org.springframework.boot.autoconfigure.condition.ConditionalOnExpression
;
import
org.springframework.boot.autoconfigure.condition.ConditionalOnProperty
;
import
org.springframework.context.annotation.Lazy
;
import
org.springframework.context.annotation.Primary
;
import
org.springframework.ldap.core.LdapTemplate
;
import
org.springframework.ldap.filter.AndFilter
;
import
org.springframework.ldap.filter.EqualsFilter
;
import
org.springframework.security.core.GrantedAuthority
;
import
org.springframework.security.core.authority.AuthorityUtils
;
import
org.springframework.security.core.userdetails.UsernameNotFoundException
;
import
org.springframework.stereotype.Service
;
import
org.springframework.util.DigestUtils
;
import
org.springframework.util.StringUtils
;
import
java.util.Collection
;
import
java.util.HashMap
;
import
java.util.Map
;
import
java.util.Set
;
/**
* 实体[IBZUSER] 服务对象接口实现
*/
@Primary
@Service
(
"LdapUserService"
)
@ConditionalOnExpression
(
"'${ibiz.auth.service:SimpleUserService}'.equals('LdapUserService')"
)
public
class
LdapUserService
extends
ServiceImpl
<
IBZUSERMapper
,
IBZUSER
>
implements
IBZUSERService
,
AuthenticationUserService
{
@Value
(
"${ibiz.auth.pwencrymode:0}"
)
private
int
pwencrymode
;
@Autowired
private
LdapTemplate
ldapTemplate
;
@Override
public
AuthenticationUser
loadUserByUsername
(
String
username
)
{
AuthenticationUser
user
=
new
AuthenticationUser
();
user
.
setUsername
(
username
);
return
user
;
}
@Override
public
AuthenticationUser
loadUserByLogin
(
String
username
,
String
password
){
AuthenticationUser
user
=
new
AuthenticationUser
();
String
[]
data
=
username
.
split
(
"[|]"
);
String
loginname
=
username
;
String
devslnsysid
=
""
;
if
(
data
.
length
==
2
)
{
loginname
=
data
[
0
].
trim
();
// devslnsysid=data[1].trim();
}
// 查询Ldap人员
AndFilter
filter
=
new
AndFilter
();
if
(!
StringUtils
.
isEmpty
(
loginname
))
{
filter
.
and
(
new
EqualsFilter
(
"uid"
,
loginname
));
}
Boolean
bAuthenticate
=
false
;
try
{
// 这个方法可以查询出该用户
bAuthenticate
=
ldapTemplate
.
authenticate
(
"ou=people"
,
filter
.
encode
(),
password
);
System
.
out
.
println
(
bAuthenticate
);
}
catch
(
RuntimeException
e
)
{
bAuthenticate
=
false
;
}
if
(!
bAuthenticate
)
{
throw
new
BadRequestAlertException
(
"用户名密码错误"
,
"IBZUSER"
,
username
);
}
user
.
setUsercode
(
loginname
);
user
.
setUsername
(
loginname
);
user
.
setLoginname
(
loginname
);
user
.
setPersonname
(
loginname
);
// user.setDomain(devslnsysid);
// user.setDevslnsysid(devslnsysid);
// user.setPassword(password);
// user.setOrgid(devslnsysid);
// user.setOrgcode(devslnsysid);
// user.setOrgname(devslnsysid);
return
user
;
}
public
void
resetByUsername
(
String
username
)
{
}
public
AuthenticationUser
createUserDetails
(
IBZUSER
user
)
{
AuthenticationUser
userdatail
=
new
AuthenticationUser
();
CachedBeanCopier
.
copy
(
user
,
userdatail
);
if
(
userdatail
.
getSuperuser
()==
1
){
userdatail
.
setAuthorities
(
AuthorityUtils
.
createAuthorityList
(
"ROLE_SUPERADMIN"
));
}
return
userdatail
;
}
@Autowired
@Lazy
private
UAACoreService
uaaCoreService
;
/**
* 设置用户权限
* 由于GrantedAuthority缺少无参构造,导致无法序列化,暂时通过PermissionList中转
* @param user
* @return
*/
public
void
setUserPermission
(
AuthenticationUser
user
)
{
Collection
<
GrantedAuthority
>
userAuthorities
=
uaaCoreService
.
getAuthoritiesByUserId
(
user
.
getUserid
());
Set
<
String
>
authorities
=
AuthorityUtils
.
authorityListToSet
(
userAuthorities
);
if
(
user
.
getSuperuser
()==
1
){
authorities
.
add
(
"ROLE_SUPERADMIN"
);
}
JSONObject
permission
=
new
JSONObject
();
permission
.
put
(
"authorities"
,
authorities
);
user
.
setPermissionList
(
permission
);
}
@Autowired
@Lazy
private
IBZOUFeignClient
ouFeignClient
;
/**
* 设置用户组织相关信息
* @param user
*/
private
void
setUserOrgInfo
(
AuthenticationUser
user
)
{
Map
<
String
,
Set
<
String
>>
orgInfo
=
ouFeignClient
.
getOUMapsByUserId
(
user
.
getUserid
());
if
(
orgInfo
==
null
)
orgInfo
=
new
HashMap
<>();
//throw new RuntimeException(String.format("获取用户信息失败,请检查用户中心[IBZOU]中是否存在[%s]用户!",user.getLoginname()));
user
.
setOrgInfo
(
orgInfo
);
}
}
\ No newline at end of file
ibzuaa-core/src/main/java/cn/ibizlab/core/util/config/LdapConfiguration.java
0 → 100644
浏览文件 @
d61f0ded
package
cn
.
ibizlab
.
core
.
util
.
config
;
import
org.springframework.beans.factory.annotation.Value
;
import
org.springframework.context.annotation.Bean
;
import
org.springframework.context.annotation.Configuration
;
import
org.springframework.ldap.core.LdapTemplate
;
import
org.springframework.ldap.core.support.LdapContextSource
;
import
java.util.HashMap
;
import
java.util.Map
;
/**
* Ldap配置
* 用于远程调用平台用户验证(用户名、密码)
*/
@Configuration
public
class
LdapConfiguration
{
private
LdapTemplate
ldapTemplate
;
@Value
(
"${ldap.url:}"
)
private
String
url
;
@Value
(
"${ldap.base:}"
)
private
String
base
;
@Value
(
"${ldap.userdn:}"
)
private
String
userdn
;
@Value
(
"${ldap.password:}"
)
private
String
password
;
@Bean
public
LdapContextSource
contextSource
()
{
LdapContextSource
contextSource
=
new
LdapContextSource
();
Map
<
String
,
Object
>
config
=
new
HashMap
();
contextSource
.
setUrl
(
url
);
contextSource
.
setBase
(
base
);
contextSource
.
setUserDn
(
userdn
);
contextSource
.
setPassword
(
password
);
config
.
put
(
"java.naming.ldap.attributes.binary"
,
"objectGUID"
);
contextSource
.
setPooled
(
true
);
contextSource
.
setBaseEnvironmentProperties
(
config
);
return
contextSource
;
}
@Bean
public
LdapTemplate
ldapTemplate
()
{
if
(
null
==
ldapTemplate
)
ldapTemplate
=
new
LdapTemplate
(
contextSource
());
return
ldapTemplate
;
}
}
\ No newline at end of file
ibzuaa-core/src/main/resources/application-ldap.yml
0 → 100644
浏览文件 @
d61f0ded
ibiz
:
auth
:
# 指定用于认证的用户服务,
# UAAUserService :使用系统配置关联的(本系统)数据库用户。
# LdapUserService :使用Ldap服务,进行远端数据验证(平台账号服务)。
service
:
UAAUserService
ldap
:
url
:
ldap://172.16.170.10:389
base
:
dc=ibizsys,dc=net
userdn
:
cn=Manager,dc=ibizsys,dc=net
password
:
testldap
\ No newline at end of file
ibzuaa-dependencies/pom.xml
浏览文件 @
d61f0ded
...
@@ -88,6 +88,7 @@
...
@@ -88,6 +88,7 @@
<oracle.version>
11.2.0.3
</oracle.version>
<oracle.version>
11.2.0.3
</oracle.version>
<postgresql.version>
42.2.6
</postgresql.version>
<postgresql.version>
42.2.6
</postgresql.version>
<ldap.version>
5.3.3.RELEASE
</ldap.version>
</properties>
</properties>
...
@@ -270,6 +271,11 @@
...
@@ -270,6 +271,11 @@
<version>
${baomidou-jobs.version}
</version>
<version>
${baomidou-jobs.version}
</version>
</dependency>
</dependency>
<dependency>
<groupId>
org.springframework.security
</groupId>
<artifactId>
spring-security-ldap
</artifactId>
<version>
${ldap.version}
</version>
</dependency>
</dependencies>
</dependencies>
</dependencyManagement>
</dependencyManagement>
...
...
ibzuaa-provider/ibzuaa-provider-api/src/main/java/cn/ibizlab/api/rest/extensions/ClientAuthenticationResource.java
浏览文件 @
d61f0ded
...
@@ -47,7 +47,7 @@ public class ClientAuthenticationResource
...
@@ -47,7 +47,7 @@ public class ClientAuthenticationResource
private
AuthTokenUtil
jwtTokenUtil
;
private
AuthTokenUtil
jwtTokenUtil
;
@Autowired
@Autowired
@Qualifier
(
"UAAUserService"
)
//
@Qualifier("UAAUserService")
private
AuthenticationUserService
userDetailsService
;
private
AuthenticationUserService
userDetailsService
;
@Autowired
@Autowired
...
...
ibzuaa-provider/ibzuaa-provider-api/src/main/resources/application.yml
浏览文件 @
d61f0ded
spring
:
spring
:
profiles
:
profiles
:
include
:
sys ,nacos, api-prod
include
:
sys ,nacos, api-prod
, ldap
application
:
application
:
name
:
ibzuaa-api
name
:
ibzuaa-api
\ No newline at end of file
编辑
预览
Markdown
格式
0%
请重试
or
添加新附件
添加附件
取消
您添加了
0
人
到此讨论。请谨慎行事。
先完成此消息的编辑!
取消
想要评论请
注册
或
登录