域账号登录优化

zyplayer-doc-manage/src/main/java/com/zyplayer/doc/manage/web/LoginController.java

@@ -6,31 +6,25 @@ import com.zyplayer.doc.core.json.DocResponseJson;
 import com.zyplayer.doc.data.config.security.DocUserDetails;
 import com.zyplayer.doc.data.config.security.DocUserUtil;
 import com.zyplayer.doc.data.config.security.UserAuthVo;
-import com.zyplayer.doc.data.repository.manage.entity.UserAuth;
 import com.zyplayer.doc.data.repository.manage.entity.UserInfo;
 import com.zyplayer.doc.data.service.manage.UserAuthService;
 import com.zyplayer.doc.data.service.manage.UserInfoService;
 import com.zyplayer.doc.manage.web.param.LdapPerson;
-import org.apache.commons.collections4.CollectionUtils;
 import org.apache.commons.lang3.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Value;
-import org.springframework.ldap.core.AttributesMapper;
 import org.springframework.ldap.core.LdapTemplate;
 import org.springframework.ldap.query.LdapQueryBuilder;
-import org.springframework.ldap.support.LdapUtils;
 import org.springframework.util.DigestUtils;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RestController;
 
 import javax.annotation.Resource;
-import javax.naming.NamingException;
-import javax.naming.directory.Attribute;
-import javax.naming.directory.DirContext;
 import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletResponse;
 import java.util.List;
 import java.util.Objects;
-import java.util.Set;
 
 /**
  * 用户登录控制器
@@ -40,6 +34,7 @@ import java.util.Set;
  */
 @RestController
 public class LoginController {
+	private static Logger logger = LoggerFactory.getLogger(LoginController.class);
 	
 	@Resource
 	private UserInfoService userInfoService;
@@ -48,9 +43,6 @@ public class LoginController {
 	@Resource
 	private LdapTemplate ldapTemplate;
 	
-	// TODO 域账号登录，待测试
-	@Value("${spring.ldap.domainName:}")
-	private String ldapDomainName;
 	@Value("${spring.ldap.enable:false}")
 	private boolean ldapLoginEnable;
 	
@@ -113,10 +105,10 @@ public class LoginController {
 	 */
 	private UserInfo ldapAutoRegister(LdapPerson ldapPerson) {
 		UserInfo userInfo = new UserInfo();
-		userInfo.setEmail(ldapPerson.getEmail());
+		userInfo.setEmail(ldapPerson.getMail());
 		userInfo.setPassword("LDAP");
-		userInfo.setUserName(ldapPerson.getName());
+		userInfo.setUserNo(ldapPerson.getUid());
-		userInfo.setUserNo(ldapPerson.getsAMAccountName());
+		userInfo.setUserName(StringUtils.defaultIfBlank(ldapPerson.getDisplayName(), ldapPerson.getUid()));
 		userInfo.setSex(1);
 		userInfoService.save(userInfo);
 		return userInfo;
@@ -124,44 +116,17 @@ public class LoginController {
 	
 	/**
 	 * 鉴别域账号中是否有该用户
+	 * 参考项目：https://gitee.com/durcframework/torna，方法：cn.torna.service.login.form.impl.LdapLoginManager#ldapAuth
 	 */
 	public LdapPerson getUserFromLdap(String username, String password) {
-		if (StringUtils.endsWithIgnoreCase(username, ldapDomainName)) {
-			username = username.replaceAll("(?i)" + ldapDomainName, "");
-		}
-		String userDn = username + ldapDomainName;
-		DirContext dirContext = null;
 		try {
-			dirContext = ldapTemplate.getContextSource().getContext(userDn, password);
+			return ldapTemplate.authenticate(
-			List<LdapPerson> search = ldapTemplate.search(
+					LdapQueryBuilder.query().where("uid").is(username),
-					LdapQueryBuilder.query().where("objectClass").is("person").and("sAMAccountName").is(username),
+					password,
-					(AttributesMapper<LdapPerson>) attributes -> {
+					(dirContext, ldapEntryIdentification) ->
-						LdapPerson person = new LdapPerson();
+							ldapTemplate.findOne(LdapQueryBuilder.query().where("uid").is(username), LdapPerson.class));
-						person.setName(this.getAttributeValue(attributes.get("cn")));
-						person.setsAMAccountName(this.getAttributeValue(attributes.get("sAMAccountName")));
-						person.setEmail(this.getAttributeValue(attributes.get("userPrincipalName")));
-						return person;
-					});
-			if (CollectionUtils.isNotEmpty(search)) {
-				return search.get(0);
-			}
 		} catch (Exception e) {
-			e.printStackTrace();
+			logger.error("LDAP登录失败", e);
-		} finally {
-			if (null != dirContext) {
-				LdapUtils.closeContext(dirContext);
-			}
-		}
-		return null;
-	}
-	
-	/**
-	 * 取值
-	 */
-	private String getAttributeValue(Attribute attribute) throws NamingException {
-		if (attribute != null) {
-			Object obj = attribute.get(0);
-			return obj == null ? null : obj.toString();
 		}
 		return null;
 	}

zyplayer-doc-manage/src/main/java/com/zyplayer/doc/manage/web/param/LdapPerson.java

@@ -1,79 +1,58 @@
-/*
- * <<
- *  Davinci
- *  ==
- *  Copyright (C) 2016 - 2019 EDP
- *  ==
- *  Licensed under the Apache License, Version 2.0 (the "License");
- *  you may not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *        http://www.apache.org/licenses/LICENSE-2.0
- *   Unless required by applicable law or agreed to in writing, software
- *   distributed under the License is distributed on an "AS IS" BASIS,
- *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *   See the License for the specific language governing permissions and
- *   limitations under the License.
- *  >>
- *
- */
-
 package com.zyplayer.doc.manage.web.param;
 
+import org.springframework.ldap.odm.annotations.Attribute;
+import org.springframework.ldap.odm.annotations.DnAttribute;
+import org.springframework.ldap.odm.annotations.Entry;
+
 /**
  * 域账号用户信息
+ * 参考项目：https://gitee.com/durcframework/torna，类：cn.torna.service.login.form.impl.LdapUser
  *
  * @author 暮光：城中城
  * @since 2021年8月2日
  */
+@Entry(objectClasses = "inetOrgPerson")
 public class LdapPerson {
 	
 	/**
-	 * 姓名
+	 * 用户ID
 	 */
-	private String name;
+	@DnAttribute(value = "uid")
+	private String uid;
 	
 	/**
 	 * 用户名
 	 */
-	private String sAMAccountName;
+	@Attribute(name = "displayName")
-	
+	private String displayName;
 	
 	/**
 	 * 邮箱
 	 */
-	private String email;
+	@Attribute(name = "mail")
+	private String mail;
 	
-	public String getName() {
+	public String getUid() {
-		return name;
+		return uid;
 	}
 	
-	public void setName(String name) {
+	public void setUid(String uid) {
-		this.name = name;
+		this.uid = uid;
 	}
 	
-	public String getsAMAccountName() {
+	public String getDisplayName() {
-		return sAMAccountName;
+		return displayName;
 	}
 	
-	public void setsAMAccountName(String sAMAccountName) {
+	public void setDisplayName(String displayName) {
-		this.sAMAccountName = sAMAccountName;
+		this.displayName = displayName;
 	}
 	
-	public String getEmail() {
+	public String getMail() {
-		return email;
+		return mail;
 	}
 	
-	public void setEmail(String email) {
+	public void setMail(String mail) {
-		this.email = email;
+		this.mail = mail;
 	}
-	
-	public LdapPerson(String name, String sAMAccountName, String email) {
-		this.name = name;
-		this.sAMAccountName = sAMAccountName;
-		this.email = email;
-	}
-	
-	public LdapPerson() {
-	}
-	
 }

zyplayer-doc-manage/src/main/resources/application.yml

@@ -1,5 +1,5 @@
 
-# 端口和根路劲，jar启动时依此处配置，放tomcat后以tomcat的配置为准
+# 端口和根路径，jar启动时依此处配置，放tomcat后以tomcat的配置为准
 server:
   port: 8083
   servlet:
@@ -68,13 +68,13 @@ spring:
       max-request-size: 100MB
   datasource:
     continue-on-error: true
+  # 域账号登录，暂未严格测试
   ldap:
     enable: false
-    urls: ['ldap://10.0.1.1:10389']
+    urls: ldap://10.0.1.1:10389
     base: dc=xx,dc=net
     username: cn=Manager,dc=xx,dc=net
     password: MKDSHYDNIS
-    anonymousReadOnly: true
 
 # 下面的配置可以不用管了
 mybatis-plus: