diff --git a/zyplayer-doc-manage/src/main/java/com/zyplayer/doc/manage/web/LoginController.java b/zyplayer-doc-manage/src/main/java/com/zyplayer/doc/manage/web/LoginController.java
index 0c005ee0..abbc0cb3 100644
--- a/zyplayer-doc-manage/src/main/java/com/zyplayer/doc/manage/web/LoginController.java
+++ b/zyplayer-doc-manage/src/main/java/com/zyplayer/doc/manage/web/LoginController.java
@@ -6,31 +6,25 @@ import com.zyplayer.doc.core.json.DocResponseJson;
 import com.zyplayer.doc.data.config.security.DocUserDetails;
 import com.zyplayer.doc.data.config.security.DocUserUtil;
 import com.zyplayer.doc.data.config.security.UserAuthVo;
-import com.zyplayer.doc.data.repository.manage.entity.UserAuth;
 import com.zyplayer.doc.data.repository.manage.entity.UserInfo;
 import com.zyplayer.doc.data.service.manage.UserAuthService;
 import com.zyplayer.doc.data.service.manage.UserInfoService;
 import com.zyplayer.doc.manage.web.param.LdapPerson;
-import org.apache.commons.collections4.CollectionUtils;
 import org.apache.commons.lang3.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Value;
-import org.springframework.ldap.core.AttributesMapper;
 import org.springframework.ldap.core.LdapTemplate;
 import org.springframework.ldap.query.LdapQueryBuilder;
-import org.springframework.ldap.support.LdapUtils;
 import org.springframework.util.DigestUtils;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RestController;
 import javax.annotation.Resource;
-import javax.naming.NamingException;
-import javax.naming.directory.Attribute;
-import javax.naming.directory.DirContext;
 import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletResponse;
 import java.util.List;
 import java.util.Objects;
-import java.util.Set;
 
 /**
 * 用户登录控制器
@@ -40,6 +34,7 @@ import java.util.Set; */ @RestController public class LoginController { + private static Logger logger = LoggerFactory.getLogger(LoginController.class); @Resource private UserInfoService userInfoService; @@ -48,9 +43,6 @@ public class LoginController { @Resource private LdapTemplate ldapTemplate; - // TODO 域账号登录,待测试 - @Value("${spring.ldap.domainName:}") - private String ldapDomainName; @Value("${spring.ldap.enable:false}") private boolean ldapLoginEnable; @@ -113,10 +105,10 @@ public class LoginController { */ private UserInfo ldapAutoRegister(LdapPerson ldapPerson) { UserInfo userInfo = new UserInfo(); - userInfo.setEmail(ldapPerson.getEmail()); + userInfo.setEmail(ldapPerson.getMail()); userInfo.setPassword("LDAP"); - userInfo.setUserName(ldapPerson.getName()); - userInfo.setUserNo(ldapPerson.getsAMAccountName()); + userInfo.setUserNo(ldapPerson.getUid()); + userInfo.setUserName(StringUtils.defaultIfBlank(ldapPerson.getDisplayName(), ldapPerson.getUid())); userInfo.setSex(1); userInfoService.save(userInfo); return userInfo; 
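Review bot: The new logger field should be `final`: `private static final Logger logger = LoggerFactory.getLogger(LoginController.class);`. A non-final static logger can be reassigned from anywhere in the class and is what SpotBugs/Checkstyle flag by default; the `@Resource` fields around it are untouched context. The rest of the class body lies outside this hunk.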
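Review bot: `ldapAutoRegister` now writes `ldapPerson.getUid()` straight into `userNo` with no blank check, although the next line already anticipates a blank `displayName` via `StringUtils.defaultIfBlank`. As I read the `LdapPerson` changes in this same commit, `uid` is populated only from the entry's DN (`@DnAttribute`, no `@Attribute`), so on a directory whose RDN is not `uid=` this would persist a user with a null `userNo`. I would guard before the save, e.g. `if (StringUtils.isBlank(ldapPerson.getUid())) { logger.error("LDAP user has no uid, skip auto register"); return null; }`, and make sure the caller (outside this hunk, as is the method's Javadoc) handles a null return. The fixed `userInfo.setPassword("LDAP")` marker is unchanged context; I am assuming the password login path can never match that literal — worth confirming.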
@@ -124,44 +116,17 @@ public class LoginController {
 
 /**
 * 鉴别域账号中是否有该用户
+ * 参考项目:https://gitee.com/durcframework/torna,方法:cn.torna.service.login.form.impl.LdapLoginManager#ldapAuth
 */
 public LdapPerson getUserFromLdap(String username, String password) {
- if (StringUtils.endsWithIgnoreCase(username, ldapDomainName)) {
- username = username.replaceAll("(?i)" + ldapDomainName, "");
- }
- String userDn = username + ldapDomainName;
- DirContext dirContext = null;
 try {
- dirContext = ldapTemplate.getContextSource().getContext(userDn, password);
- List search = ldapTemplate.search(
- LdapQueryBuilder.query().where("objectClass").is("person").and("sAMAccountName").is(username),
- (AttributesMapper) attributes -> {
- LdapPerson person = new LdapPerson();
- person.setName(this.getAttributeValue(attributes.get("cn")));
- person.setsAMAccountName(this.getAttributeValue(attributes.get("sAMAccountName")));
- person.setEmail(this.getAttributeValue(attributes.get("userPrincipalName")));
- return person;
- });
- if (CollectionUtils.isNotEmpty(search)) {
- return search.get(0);
- }
+ return ldapTemplate.authenticate(
+ LdapQueryBuilder.query().where("uid").is(username),
+ password,
+ (dirContext, ldapEntryIdentification) ->
+ ldapTemplate.findOne(LdapQueryBuilder.query().where("uid").is(username), LdapPerson.class));
 } catch (Exception e) {
- e.printStackTrace();
- } finally {
- if (null != dirContext) {
- LdapUtils.closeContext(dirContext);
- }
- }
- return null;
- }
-
- /**
- * 取值
- */
- private String getAttributeValue(Attribute attribute) throws NamingException {
- if (attribute != null) {
- Object obj = attribute.get(0);
- return obj == null ? null : obj.toString();
+ logger.error("LDAP登录失败", e);
 }
 return null;
 }
diff --git a/zyplayer-doc-manage/src/main/java/com/zyplayer/doc/manage/web/param/LdapPerson.java b/zyplayer-doc-manage/src/main/java/com/zyplayer/doc/manage/web/param/LdapPerson.java
index 93737576..6b6a48d2 100644
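Review bot: `getUserFromLdap` hands `password` to `ldapTemplate.authenticate` without rejecting a blank value; RFC 4513 lets a directory treat a bind with a DN and an empty password as an unauthenticated bind that succeeds, and as far as I can tell Spring LDAP's `authenticate` does not refuse an empty password on the caller's behalf, so unless the caller (outside this hunk) checks it, an empty password could log in as any existing `uid`. I would open the method with `if (StringUtils.isBlank(username) || StringUtils.isBlank(password)) { return null; }`. The mapper also ignores the entry that was actually bound and re-searches by `uid`; `ldapTemplate.findByDn(ldapEntryIdentification.getAbsoluteName(), LdapPerson.class)` returns the same entry by its DN without a second filter search. Finally, `logger.error("LDAP登录失败", e)` emits a full stack trace for every mistyped password; logging ordinary bind failures at `warn` without the trace and reserving `error` for unexpected exceptions would keep the log useful.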
--- a/zyplayer-doc-manage/src/main/java/com/zyplayer/doc/manage/web/param/LdapPerson.java +++ b/zyplayer-doc-manage/src/main/java/com/zyplayer/doc/manage/web/param/LdapPerson.java 
@@ -1,79 +1,58 @@ -/* - * << - * Davinci - * == - * Copyright (C) 2016 - 2019 EDP - * == - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * http://www.apache.org/licenses/LICENSE-2.0 - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * >> - * - */ - package com.zyplayer.doc.manage.web.param; +import org.springframework.ldap.odm.annotations.Attribute; +import org.springframework.ldap.odm.annotations.DnAttribute; +import org.springframework.ldap.odm.annotations.Entry; + /** * 域账号用户信息 + * 参考项目:https://gitee.com/durcframework/torna,类:cn.torna.service.login.form.impl.LdapUser * * @author 暮光:城中城 * @since 2021年8月2日 */ +@Entry(objectClasses = "inetOrgPerson") public class LdapPerson { /** - * 姓名 + * 用户ID */ - private String name; + @DnAttribute(value = "uid") + private String uid; /** * 用户名 */ - private String sAMAccountName; - + @Attribute(name = "displayName") + private String displayName; /** * 邮箱 */ - private String email; + @Attribute(name = "mail") + private String mail; - public String getName() { - return name; + public String getUid() { + return uid; } - public void setName(String name) { - this.name = name; + public void setUid(String uid) { + this.uid = uid; } - public String getsAMAccountName() { - return sAMAccountName; + public String getDisplayName() { + return displayName; } - public void setsAMAccountName(String sAMAccountName) { - this.sAMAccountName = sAMAccountName; + public void setDisplayName(String displayName) { + this.displayName = displayName; } - public String getEmail() { - return email; + public String getMail() { + return mail; } - public 
void setEmail(String email) { - this.email = email; + public void setMail(String mail) { + this.mail = mail; } - - public LdapPerson(String name, String sAMAccountName, String email) { - this.name = name; - this.sAMAccountName = sAMAccountName; - this.email = email; - } - - public LdapPerson() { - } - } diff --git a/zyplayer-doc-manage/src/main/resources/application.yml b/zyplayer-doc-manage/src/main/resources/application.yml index 8b472092..80024952 100644 --- a/zyplayer-doc-manage/src/main/resources/application.yml +++ b/zyplayer-doc-manage/src/main/resources/application.yml @@ -1,5 +1,5 @@ -# 端口和根路劲,jar启动时依此处配置,放tomcat后以tomcat的配置为准 +# 端口和根路径,jar启动时依此处配置,放tomcat后以tomcat的配置为准 server: port: 8083 servlet: @@ -68,13 +68,13 @@ spring: max-request-size: 100MB datasource: continue-on-error: true + # 域账号登录,暂未严格测试 ldap: enable: false - urls: ['ldap://10.0.1.1:10389'] + urls: ldap://10.0.1.1:10389 base: dc=xx,dc=net username: cn=Manager,dc=xx,dc=net password: MKDSHYDNIS - anonymousReadOnly: true # 下面的配置可以不用管了 mybatis-plus:
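Review bot: In `LdapPerson`, `uid` carries only `@DnAttribute(value = "uid")` and no `@Attribute`, which as I read the Spring LDAP ODM rules means the field is filled from the DN's `uid=` RDN and is not read from the entry's `uid` attribute; an entry named by `cn=` would come back with a null `uid` even though the attribute the login query matched on is present. Since the lookup already filters on the `uid` attribute, I would map both: `@Attribute(name = "uid") @DnAttribute(value = "uid") private String uid;`. A one-line comment on the field saying that `uid` becomes the application `userNo` would also tell the next reader why it must not be null.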
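Review bot: The `spring.ldap` block still carries the manager bind password as a literal in the committed `application.yml` (`password: MKDSHYDNIS`, unchanged context next to the edited `urls` line), and with `anonymousReadOnly` removed the template will presumably bind with these credentials for every lookup. Even if this is a placeholder, I would externalise it so a real deployment never edits the checked-in file: `password: ${SPRING_LDAP_PASSWORD:}` and likewise `username: ${SPRING_LDAP_USERNAME:}`, with the new comment noting that `enable: true` requires both to be set. The new comment `# 域账号登录,暂未严格测试` should also say which directory schema the login expects (`inetOrgPerson` entries looked up by `uid`), since that is what the code in this commit assumes.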