diff --git a/lib/finekit-10.0.jar b/lib/finekit-10.0.jar new file mode 100644 index 0000000..611c8f5 Binary files /dev/null and b/lib/finekit-10.0.jar differ diff --git a/pom.xml b/pom.xml index 17a81e0..6c5cb46 100644 --- a/pom.xml +++ b/pom.xml @@ -11,6 +11,15 @@ jar plugin-decision-ldaps-passport + + + com.fanruan.api + finekit + 10.0 + system + ${project.basedir}/lib/finekit-10.0.jar + + ${project.basedir}/../webroot/WEB-INF/plugins/plugin-decision-ldaps-passport-1.0/classes diff --git a/src/main/java/com/fr/plugin/decision/passport/ldaps/LdapsAuthenticBean.java b/src/main/java/com/fr/plugin/decision/passport/ldaps/LdapsAuthenticBean.java index 45d3fe8..92a6ac4 100644 --- a/src/main/java/com/fr/plugin/decision/passport/ldaps/LdapsAuthenticBean.java +++ b/src/main/java/com/fr/plugin/decision/passport/ldaps/LdapsAuthenticBean.java @@ -1,11 +1,10 @@ package com.fr.plugin.decision.passport.ldaps; +import com.fanruan.api.decision.CommonKit; +import com.fanruan.api.decision.auth.bean.BasePassportBean; +import com.fanruan.api.decision.login.LoginKit; +import com.fanruan.api.util.StringKit; import com.fr.decision.authorize.Passport; -import com.fr.decision.config.FSConfig; -import com.fr.decision.webservice.bean.authentication.PassportBean; -import com.fr.decision.webservice.utils.DecisionServiceConstants; -import com.fr.decision.webservice.utils.WebServiceUtils; -import com.fr.stable.StringUtils; import com.fr.third.fasterxml.jackson.annotation.JsonSubTypes; /** @@ -13,7 +12,7 @@ import com.fr.third.fasterxml.jackson.annotation.JsonSubTypes; * Created by zhouping on 2018/3/4. */ @JsonSubTypes.Type(value = LdapsAuthenticBean.class, name = "LdapAuthenticBean") -public class LdapsAuthenticBean extends PassportBean { +public class LdapsAuthenticBean extends BasePassportBean { private static final long serialVersionUID = -5233155996986308766L; //认证URL 
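Review bot: The new `finekit` dependency is declared with `system` scope resolving to `${project.basedir}/lib/finekit-10.0.jar`, a binary checked into the repository by this same commit (the hunk's XML tags were lost in rendering, but the coordinates, version and `systemPath` are visible), so Maven takes the jar as-is with no repository metadata, checksum or signature — nothing in the change lets a reviewer or a CI build verify what that jar contains or where it came from. Publish the artifact to the team's internal repository (or `mvn install:install-file` it in CI) and reference it with default scope; if the vendored jar must stay, record its SHA-256 beside it in the repository and verify it in the build. Maven's own documentation discourages `system` scope, and such dependencies are not carried transitively, which surprises downstream consumers of the plugin POM.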
@@ -126,7 +125,7 @@ public class LdapsAuthenticBean extends PassportBean { } @Override - public PassportBean createPassportBean(LdapsPassport passport) { + public BasePassportBean createPassportBean(LdapsPassport passport) { this.setUrl(passport.getLdapUrl()); this.setSearchBase(passport.getLdapSearchBase()); this.setRetrieveLocAsBaseDN(passport.isRetrieveLocAsBaseDN()); @@ -135,8 +134,8 @@ public class LdapsAuthenticBean extends PassportBean { this.setReferral(passport.getReferral()); this.setPrincipalSuffix(passport.getPrincipalSuffix()); this.setSystemName(passport.getLdapSystemName()); - if (StringUtils.isNotEmpty(passport.getLdapSystemPassword())) { - this.setSystemPassword(DecisionServiceConstants.DEFAULT_PASSWORD); + if (StringKit.isNotEmpty(passport.getLdapSystemPassword())) { + this.setSystemPassword(CommonKit.fetchDefaultPasswordHolderString()); } this.setCertPath(passport.getCertPath()); return this; @@ -153,11 +152,11 @@ public class LdapsAuthenticBean extends PassportBean { passport.setReferral(getReferral()); passport.setPrincipalSuffix(getPrincipalSuffix()); passport.setLdapSystemName(getSystemName()); - if (WebServiceUtils.isDefaultPassword(this.systemPassword)) { - String oldPassword = FSConfig.getInstance().getPassport(LdapsPassport.class).getLdapSystemPassword(); + if (CommonKit.isDefaultPasswordHolderString(this.systemPassword)) { + String oldPassword = LoginKit.getPassport(LdapsPassport.class).getLdapSystemPassword(); passport.setLdapSystemPassword(oldPassword); } else { - passport.setLdapSystemPassword(WebServiceUtils.getBase64DecodeStr(this.systemPassword)); + passport.setLdapSystemPassword(CommonKit.getBase64DecodeStr(this.systemPassword)); } passport.setCertPath(getCertPath()); return passport; diff --git a/src/main/java/com/fr/plugin/decision/passport/ldaps/LdapsPassport.java b/src/main/java/com/fr/plugin/decision/passport/ldaps/LdapsPassport.java index 3e6764d..8f7509a 100644 
--- a/src/main/java/com/fr/plugin/decision/passport/ldaps/LdapsPassport.java +++ b/src/main/java/com/fr/plugin/decision/passport/ldaps/LdapsPassport.java @@ -1,24 +1,19 @@ package com.fr.plugin.decision.passport.ldaps; +import com.fanruan.api.conf.HolderKit; +import com.fanruan.api.decision.UserKit; +import com.fanruan.api.decision.auth.BasePassport; +import com.fanruan.api.decision.middle.ReadOnlyUser; +import com.fanruan.api.log.LogKit; +import com.fanruan.api.runtime.ResourceKit; +import com.fanruan.api.security.SecurityKit; +import com.fanruan.api.util.AssistKit; +import com.fanruan.api.util.StringKit; import com.fr.config.Identifier; import com.fr.config.holder.Conf; -import com.fr.config.holder.factory.Holders; -import com.fr.decision.authority.data.User; -import com.fr.decision.authorize.Passport; -import com.fr.decision.authorize.impl.AbstractPassport; -import com.fr.decision.authorize.impl.DefaultPassport; import com.fr.decision.privilege.encrpt.PasswordValidator; -import com.fr.decision.webservice.utils.UserSourceFactory; -import com.fr.decision.webservice.v10.user.UserService; -import com.fr.general.ComparatorUtils; -import com.fr.io.utils.ResourceIOUtils; -import com.fr.log.FineLoggerFactory; -import com.fr.security.SecurityToolbox; -import com.fr.stable.AssistUtils; -import com.fr.stable.StringUtils; -import com.fr.third.javax.annotation.Nullable; - -import javax.naming.AuthenticationException; +import org.jetbrains.annotations.Nullable; + import javax.naming.Context; import javax.naming.NamingEnumeration; import javax.naming.NamingException; @@ -40,7 +35,7 @@ import java.util.concurrent.ExecutionException; import java.util.concurrent.FutureTask; -public class LdapsPassport extends AbstractPassport { +public class LdapsPassport extends BasePassport { private static final long serialVersionUID = -1848712022102261769L; 
@@ -57,39 +52,39 @@ public class LdapsPassport extends AbstractPassport { /** * 缓存上次匹配的结果字段 */ - private String lastTimeMatchWord = StringUtils.EMPTY; + private String lastTimeMatchWord = StringKit.EMPTY; @Identifier("ldapsUrl") - private Conf ldapUrl = Holders.simple(StringUtils.EMPTY); + private Conf ldapUrl = HolderKit.simple(StringKit.EMPTY); @Identifier("ldapsSearchBase") - private Conf ldapSearchBase = Holders.simple(StringUtils.EMPTY); + private Conf ldapSearchBase = HolderKit.simple(StringKit.EMPTY); //是否使用检索位置作为baseDN,是的话就加到url中,否则加到search的参数中 @Identifier("ldapsRetrieveLocAsBaseDN") - private Conf retrieveLocAsBaseDN = Holders.simple(true); + private Conf retrieveLocAsBaseDN = HolderKit.simple(true); //认证方式 @Identifier("ldapsAuthentication") - private Conf authentication = Holders.simple(AUTH_SIMPLE);// none,simple,strong + private Conf authentication = HolderKit.simple(AUTH_SIMPLE);// none,simple,strong //context初始化的Factory,一般用这个默认值 @Identifier("ldapsContextFactory") - private Conf contextFactory = Holders.simple(SUN_DEFAULT_CONTEXT_FACTORY); + private Conf contextFactory = HolderKit.simple(SUN_DEFAULT_CONTEXT_FACTORY); //指定将如何处理服务提供者遇到的引用的环境属性名称 @Identifier("ldapsReferral") - private Conf referral = Holders.simple(REFERRAL_FOLLOW);// follow, ignore, throw + private Conf referral = HolderKit.simple(REFERRAL_FOLLOW);// follow, ignore, throw //ldap用户后缀,如@finereport.com @Identifier("ldapsPprincipalSuffix") - private Conf principalSuffix = Holders.simple(StringUtils.EMPTY); + private Conf principalSuffix = HolderKit.simple(StringKit.EMPTY); //ldap系统的管理员姓名 @Identifier("ldapsSystemName") - private Conf ldapSystemName = Holders.simple(StringUtils.EMPTY); + private Conf ldapSystemName = HolderKit.simple(StringKit.EMPTY); //ldap系统的管理员密码 @Identifier("ldapsSystemPassword") - private Conf ldapSystemPassword = Holders.simple(StringUtils.EMPTY); + private Conf ldapSystemPassword = HolderKit.simple(StringKit.EMPTY); //ldaps证书路径 @Identifier("ldapsCertPath") - private 
Conf certPath = Holders.simple(StringUtils.EMPTY); + private Conf certPath = HolderKit.simple(StringKit.EMPTY); public LdapsPassport() { @@ -153,11 +148,11 @@ public class LdapsPassport extends AbstractPassport { } public String getLdapSystemPassword() { - return StringUtils.isEmpty(ldapSystemPassword.get()) ? null : SecurityToolbox.decrypt(ldapSystemPassword.get()); + return StringKit.isEmpty(ldapSystemPassword.get()) ? null : SecurityKit.decrypt(ldapSystemPassword.get()); } public void setLdapSystemPassword(String ldapSystemPassword) { - this.ldapSystemPassword.set(SecurityToolbox.encrypt(ldapSystemPassword)); + this.ldapSystemPassword.set(SecurityKit.encrypt(ldapSystemPassword)); } public boolean isRetrieveLocAsBaseDN() { @@ -189,7 +184,7 @@ public class LdapsPassport extends AbstractPassport { @Override public int hashCode() { - return AssistUtils.hashCode(ldapUrl.get(), ldapSearchBase.get(), ldapSystemName.get(), ldapSystemPassword.get(), + return AssistKit.hashCode(ldapUrl.get(), ldapSearchBase.get(), ldapSystemName.get(), ldapSystemPassword.get(), referral.get(), retrieveLocAsBaseDN.get(), authentication.get(), contextFactory.get(), certPath.get()); } 
@@ -199,19 +194,20 @@ public class LdapsPassport extends AbstractPassport { return false; } LdapsPassport target = (LdapsPassport) obj; - return ComparatorUtils.equals(target.getPrincipalSuffix(), this.getPrincipalSuffix()) - && ComparatorUtils.equals(target.getReferral(), this.getReferral()) - && ComparatorUtils.equals(target.getLdapUrl(), this.getLdapUrl()) - && ComparatorUtils.equals(target.getContextFactory(), this.getContextFactory()) - && ComparatorUtils.equals(target.getAuthentication(), this.getAuthentication()) - && ComparatorUtils.equals(target.getLdapSystemName(), this.getLdapSystemName()) - && ComparatorUtils.equals(target.getLdapSearchBase(), this.getLdapSearchBase()) - && ComparatorUtils.equals(target.getLdapSystemPassword(), this.getLdapSystemPassword()) - && ComparatorUtils.equals(target.getCertPath(), this.getCertPath()); + return AssistKit.equals(target.getPrincipalSuffix(), this.getPrincipalSuffix()) + && AssistKit.equals(target.getReferral(), this.getReferral()) + && AssistKit.equals(target.getLdapUrl(), this.getLdapUrl()) + && AssistKit.equals(target.getContextFactory(), this.getContextFactory()) + && AssistKit.equals(target.getAuthentication(), this.getAuthentication()) + && AssistKit.equals(target.getLdapSystemName(), this.getLdapSystemName()) + && AssistKit.equals(target.getLdapSearchBase(), this.getLdapSearchBase()) + && AssistKit.equals(target.getLdapSystemPassword(), this.getLdapSystemPassword()) + && AssistKit.equals(target.getCertPath(), this.getCertPath()); } + @Override public boolean checkTicket(String username, String inputPassword, String savedPassword, String hashPassword) { - if (StringUtils.isNotEmpty(principalSuffix.get())) { + if (StringKit.isNotEmpty(principalSuffix.get())) { username += principalSuffix.get(); } return connect(username, inputPassword); 
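Review bot: `equals` compares the decrypted value `getLdapSystemPassword()` while `hashCode` in the previous hunk still folds in the stored ciphertext `ldapSystemPassword.get()`; if `SecurityKit.encrypt` is salted or otherwise non-deterministic, two passports that are equal can yield different hash codes, breaking the `equals`/`hashCode` contract for any hash-keyed use. Use the same accessor on both sides — `getLdapSystemPassword()` in `hashCode` as well — or, if the cipher is known to be deterministic, compare the ciphertext in both places. The added `@Override` on `checkTicket` is welcome; `AssistKit.equals` is presumed to be null-safe like the `ComparatorUtils.equals` it replaces, which is worth confirming since `getLdapSystemPassword()` returns null for an empty value.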
@@ -255,7 +251,7 @@ public class LdapsPassport extends AbstractPassport {
 Properties props = new Properties();
 props.put(Context.INITIAL_CONTEXT_FACTORY, getContextFactory());
 String url = getLdapUrl();
- if (StringUtils.isNotBlank(url)) {
+ if (StringKit.isNotBlank(url)) {
 if (!url.endsWith("/")) {
 url += "/";
 }
@@ -276,32 +272,32 @@ public class LdapsPassport extends AbstractPassport { ks.load(null, null); ks.setCertificateEntry("LDAP_ALIAS", certificate); - if (!ResourceIOUtils.exist("/plugins/ldaps.keystore")) { - ResourceIOUtils.createFile("/plugins/ldaps.keystore"); - File keyStoreFile = new File(ResourceIOUtils.getRealPath("/plugins/ldaps.keystore")); + if (!ResourceKit.exist("/plugins/ldaps.keystore")) { + ResourceKit.createFile("/plugins/ldaps.keystore"); + File keyStoreFile = new File(ResourceKit.getRealPath("/plugins/ldaps.keystore")); FileOutputStream fos = new FileOutputStream(keyStoreFile); ks.store(fos, "LdapsKeyStorePwd".toCharArray()); } } catch (Exception e) { - FineLoggerFactory.getLogger().error("LDAPS: Exception during reading key file and writing keyStore" + e.toString()); + LogKit.error("LDAPS: Exception during reading key file and writing keyStore" + e.toString()); } - System.setProperty("javax.net.ssl.trustStore", ResourceIOUtils.getRealPath("/plugins/ldaps.keystore")); + System.setProperty("javax.net.ssl.trustStore", ResourceKit.getRealPath("/plugins/ldaps.keystore")); System.setProperty("javax.net.ssl.keyStorePassword", "LdapsKeyStorePwd"); //java 1.8_181的安全性改动,开启了对于LDAP的端点标识,导致证书里的CN和ldaps服务器域名对不上就抛错 System.setProperty("com.sun.jndi.ldap.object.disableEndpointIdentification", "true"); //-----------------LDAPS-------------------- //有管理员账号时,是显示连接 - if (StringUtils.isNotBlank(getLdapSystemName()) - && StringUtils.isNotBlank(getLdapSystemPassword())) { + if (StringKit.isNotBlank(getLdapSystemName()) + && StringKit.isNotBlank(getLdapSystemPassword())) { props.put(Context.SECURITY_PRINCIPAL, getLdapSystemName()); props.put(Context.SECURITY_CREDENTIALS, getLdapSystemPassword()); } try { return new InitialLdapContext(props, connCtls); } catch (javax.naming.AuthenticationException e) { - FineLoggerFactory.getLogger().error("LDAPS: AuthenticationException,Authentication failed: " + e.toString()); + LogKit.error("LDAPS: 
AuthenticationException,Authentication failed: " + e.toString()); } catch (Exception e) { - FineLoggerFactory.getLogger().error("LDAPS: Exception,Something wrong while authenticating: " + e.toString()); + LogKit.error("LDAPS: Exception,Something wrong while authenticating: " + e.toString()); } return null; } @@ -309,20 +305,16 @@ public class LdapsPassport extends AbstractPassport { private boolean authenticate(LdapContext ctx, String username, String password) { boolean isValid = true; String userDN = recurseGetUserDN(ctx, username); - if (StringUtils.isEmpty(userDN)) { + if (StringKit.isEmpty(userDN)) { //未正确获取到DN,代表域上没有这个用户而平台有,客户需求:转而用平台登录 - FineLoggerFactory.getLogger().debug("LDAPS: No such user on ldap server, authenticating with platform passport"); + LogKit.debug("LDAPS: No such user on ldap server, authenticating with platform passport"); try { - User user = UserService.getInstance().getUserByUserName(username); - if (user == null) { - return false; - } - PasswordValidator passwordValidator = UserSourceFactory.getInstance().getUserSource(user).getPasswordValidator(); + ReadOnlyUser user = UserKit.getReadOnlyUser(username); + PasswordValidator passwordValidator = UserKit.fetchUserSource(username).getPasswordValidator(); String hashPassword = passwordValidator.encode(user.getUserName(), password); - Passport passport = new DefaultPassport(); - return passport.checkTicket(user.getUserName(), password, user.getPassword(), hashPassword); + return AssistKit.equals(user.getPassword(), hashPassword); } catch (Exception e) { - FineLoggerFactory.getLogger().error("LDAPS: Exception during logging with platform default passport"); + LogKit.error("LDAPS: Exception during logging with platform default passport"); return false; } } 
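Review bot: The `FileOutputStream fos` opened for `/plugins/ldaps.keystore` is never closed, and because the store only runs when the file does not exist yet, a later change of `certPath` is never written into the trust store that `javax.net.ssl.trustStore` points at. Wrap the write as `try (FileOutputStream fos = new FileOutputStream(keyStoreFile)) { ks.store(fos, "LdapsKeyStorePwd".toCharArray()); }` and consider rewriting the file whenever the configured certificate differs from the stored one. `javax.net.ssl.keyStorePassword` applies to the JVM key store; the matching property for a trust store is `javax.net.ssl.trustStorePassword`, so the password set here is not the one used to open the file just written. Every `System.setProperty` in this method (which starts outside the hunk) is process-wide, and `com.sun.jndi.ldap.object.disableEndpointIdentification=true` turns off hostname verification for all LDAP connections in the JVM, not only this passport — the existing JDK-version comment should also state that consequence. The catch should pass `e` as the logger's second argument instead of concatenating `e.toString()`, so the stack trace survives.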
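Review bot: The platform fallback in `authenticate` lost its `user == null` guard: if `UserKit.getReadOnlyUser(username)` returns null for an account the platform does not know, `user.getUserName()` throws and the failure is only caught by the generic `catch (Exception e)`, which logs it as an error without the cause and returns false — the right answer, reached via an exception and indistinguishable in the logs from a real fault (whether that kit method returns null or throws for unknown users is not visible here — confirm). The comparison also changed from `DefaultPassport.checkTicket` to `AssistKit.equals(user.getPassword(), hashPassword)`; if that is a plain string `equals` it is not constant-time, and any additional checks the platform passport applied are now skipped, so compare the two encoded hashes with `MessageDigest.isEqual` instead (`java.security.MessageDigest` and `java.nio.charset.StandardCharsets` would need importing). Pass the exception to the logger too: `LogKit.error("LDAPS: Exception during logging with platform default passport", e);`.
```java
try {
    ReadOnlyUser user = UserKit.getReadOnlyUser(username);
    if (user == null || user.getPassword() == null) {
        return false;
    }
    PasswordValidator passwordValidator = UserKit.fetchUserSource(username).getPasswordValidator();
    String hashPassword = passwordValidator.encode(user.getUserName(), password);
    // both sides are encoded hashes; a constant-time compare avoids leaking how many leading bytes match
    return MessageDigest.isEqual(
            user.getPassword().getBytes(StandardCharsets.UTF_8),
            hashPassword.getBytes(StandardCharsets.UTF_8));
} catch (Exception e) {
    LogKit.error("LDAPS: Exception during logging with platform default passport", e);
    return false;
}
// … unchanged: LDAP bind with the resolved userDN …
```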
@@ -330,11 +322,8 @@ public class LdapsPassport extends AbstractPassport {
 ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, userDN);
 ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, password);
 ctx.reconnect(connCtls);
- } catch (AuthenticationException e) {
- FineLoggerFactory.getLogger().error(e.getMessage(), e);
- isValid = false;
 } catch (NamingException e) {
- FineLoggerFactory.getLogger().error(e.getMessage(), e);
+ LogKit.error(e.getMessage(), e);
 isValid = false;
 }
 return isValid;
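Review bot: With the `AuthenticationException` branch removed, a rejected bind (wrong password) and a transport or server failure now land in the same `catch (NamingException e)` and are both reported with `LogKit.error(e.getMessage(), e)`, so an operator can no longer tell an expected bad-credential event from an outage, and every failed login emits a full stack trace at error level. Behaviour is unchanged because `AuthenticationException` is a subclass of `NamingException`, but a narrow catch placed before the general one keeps the two apart, e.g. `} catch (javax.naming.AuthenticationException e) { LogKit.debug("LDAPS: bind rejected for " + userDN); isValid = false; }`. The enclosing `authenticate` method starts outside this hunk.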
@@ -343,36 +332,36 @@ public class LdapsPassport extends AbstractPassport { private String recurseGetUserDN(LdapContext ctx, String name) { String lastTimeMatchWordShadow = threadLocal.get(); // 前一次匹配成功的字段作为优先匹配的字段 - if (StringUtils.isNotEmpty(lastTimeMatchWordShadow)) { - FineLoggerFactory.getLogger().debug("LDAPS: Using cached word " + lastTimeMatchWordShadow); + if (StringKit.isNotEmpty(lastTimeMatchWordShadow)) { + LogKit.debug("LDAPS: Using cached word " + lastTimeMatchWordShadow); String userDN = getUserDN(ctx, name, lastTimeMatchWordShadow); - if (StringUtils.isNotBlank(userDN)) { + if (StringKit.isNotBlank(userDN)) { return userDN; } } String[] fWords = {"sAMAccountName", "cn", "userPrincipalName", "uid", "displayName", "name", "sn",}; for (String fWord : fWords) { - if (StringUtils.isNotEmpty(lastTimeMatchWordShadow) && ComparatorUtils.equals(lastTimeMatchWordShadow, fWord)) { + if (StringKit.isNotEmpty(lastTimeMatchWordShadow) && AssistKit.equals(lastTimeMatchWordShadow, fWord)) { continue; } String userDN = getUserDN(ctx, name, fWord); - if (StringUtils.isNotBlank(userDN)) { + if (StringKit.isNotBlank(userDN)) { // 缓存匹配字段 - FineLoggerFactory.getLogger().debug("LDAPS: Cached word updated to " + fWord); + LogKit.debug("LDAPS: Cached word updated to " + fWord); lastTimeMatchWord = fWord; return userDN; } } - return StringUtils.EMPTY; + return StringKit.EMPTY; } private String getUserDN(LdapContext ctx, String name, String word) { - String userDN = StringUtils.EMPTY; + String userDN = StringKit.EMPTY; try { SearchControls constraints = new SearchControls(); constraints.setSearchScope(SearchControls.SUBTREE_SCOPE); String filter = "(&(" + word + "=" + name + "))"; - String baseDN = StringUtils.EMPTY; + String baseDN = StringKit.EMPTY; if (!isRetrieveLocAsBaseDN()) { //检索位置不作为BaseDN,那url中不加上检索位置,search中则用检索位置作为BaseDN baseDN = getLdapSearchBase(); 
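Review bot: `String filter = "(&(" + word + "=" + name + "))";` in `getUserDN` interpolates the login name straight into the LDAP search filter, so a name containing filter metacharacters such as `*`, `(`, `)` or `\` changes the meaning of the query; the new side keeps this line as-is. JNDI escapes filter arguments itself when they are passed separately, so build the filter as `String filter = "(&(" + word + "={0}))";` and pass the name at the search call, `ctx.search(baseDN, filter, new Object[]{name}, constraints)` — that call sits below this hunk's last line, since `getUserDN` continues past it. `word` only ever comes from the fixed `fWords` list, so `name` is the one value that needs this. Separately, `recurseGetUserDN` reads the cached field from `threadLocal.get()` but updates `lastTimeMatchWord = fWord`; whether that field is ever copied into the thread-local is not visible here, so confirm the cache actually takes effect.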
@@ -382,15 +371,15 @@ public class LdapsPassport extends AbstractPassport { if (en.hasMoreElements()) { SearchResult sr = (SearchResult) en.nextElement(); userDN = sr.getNameInNamespace(); - if (StringUtils.isNotBlank(userDN) && userDN.contains(name)) { + if (StringKit.isNotBlank(userDN) && userDN.contains(name)) { break; } } } } catch (Exception e) { - FineLoggerFactory.getLogger().error("LDAPS: error during getUserDN ", e); + LogKit.error("LDAPS: error during getUserDN ", e); } - FineLoggerFactory.getLogger().debug("LDAPS: Using word " + word + " name "+ name +" and found userDN " + userDN); + LogKit.debug("LDAPS: Using word " + word + " name " + name + " and found userDN " + userDN); return userDN; } @@ -400,7 +389,7 @@ public class LdapsPassport extends AbstractPassport { ctx.close(); } } catch (NamingException e) { - FineLoggerFactory.getLogger().error(e.getMessage(), e); + LogKit.error(e.getMessage(), e); } }