pioneer
/
demo-ldaps-passport
forked from fanruan/demo-ldaps-passport
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Browse Source

修改为适配FineKit

master
richie 5 years ago
parent
5ebe4f2201
commit
098aed6c1a
4 changed files with 87 additions and 90 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. BIN
      lib/finekit-10.0.jar
  2. 9
      pom.xml
  3. 23
      src/main/java/com/fr/plugin/decision/passport/ldaps/LdapsAuthenticBean.java
  4. 145
      src/main/java/com/fr/plugin/decision/passport/ldaps/LdapsPassport.java

BIN
lib/finekit-10.0.jar
View File

Binary file not shown.

9
pom.xml
Unescape View File

@ -11,6 +11,15 @@
</parent>
<packaging>jar</packaging>
<artifactId>plugin-decision-ldaps-passport</artifactId>
<dependencies>
<dependency>
<groupId>com.fanruan.api</groupId>
<artifactId>finekit</artifactId>
<version>10.0</version>
<scope>system</scope>
<systemPath>${project.basedir}/lib/finekit-10.0.jar</systemPath>
</dependency>
</dependencies>
<build>
<!---如果要更改调试插件,改这里的配置就可以了-->
<outputDirectory>${project.basedir}/../webroot/WEB-INF/plugins/plugin-decision-ldaps-passport-1.0/classes</outputDirectory>

23
src/main/java/com/fr/plugin/decision/passport/ldaps/LdapsAuthenticBean.java
Unescape View File

@ -1,11 +1,10 @@
package com.fr.plugin.decision.passport.ldaps;
import com.fanruan.api.decision.CommonKit;
import com.fanruan.api.decision.auth.bean.BasePassportBean;
import com.fanruan.api.decision.login.LoginKit;
import com.fanruan.api.util.StringKit;
import com.fr.decision.authorize.Passport;
import com.fr.decision.config.FSConfig;
import com.fr.decision.webservice.bean.authentication.PassportBean;
import com.fr.decision.webservice.utils.DecisionServiceConstants;
import com.fr.decision.webservice.utils.WebServiceUtils;
import com.fr.stable.StringUtils;
import com.fr.third.fasterxml.jackson.annotation.JsonSubTypes;
/**
@ -13,7 +12,7 @@ import com.fr.third.fasterxml.jackson.annotation.JsonSubTypes;
* Created by zhouping on 2018/3/4.
*/
@JsonSubTypes.Type(value = LdapsAuthenticBean.class, name = "LdapAuthenticBean")
public class LdapsAuthenticBean extends PassportBean<LdapsPassport> {
public class LdapsAuthenticBean extends BasePassportBean<LdapsPassport> {
private static final long serialVersionUID = -5233155996986308766L;
//认证URL
@ -126,7 +125,7 @@ public class LdapsAuthenticBean extends PassportBean<LdapsPassport> {
}
@Override
public PassportBean<LdapsPassport> createPassportBean(LdapsPassport passport) {
public BasePassportBean<LdapsPassport> createPassportBean(LdapsPassport passport) {
this.setUrl(passport.getLdapUrl());
this.setSearchBase(passport.getLdapSearchBase());
this.setRetrieveLocAsBaseDN(passport.isRetrieveLocAsBaseDN());
@ -135,8 +134,8 @@ public class LdapsAuthenticBean extends PassportBean<LdapsPassport> {
this.setReferral(passport.getReferral());
this.setPrincipalSuffix(passport.getPrincipalSuffix());
this.setSystemName(passport.getLdapSystemName());
if (StringUtils.isNotEmpty(passport.getLdapSystemPassword())) {
this.setSystemPassword(DecisionServiceConstants.DEFAULT_PASSWORD);
if (StringKit.isNotEmpty(passport.getLdapSystemPassword())) {
this.setSystemPassword(CommonKit.fetchDefaultPasswordHolderString());
}
this.setCertPath(passport.getCertPath());
return this;
@ -153,11 +152,11 @@ public class LdapsAuthenticBean extends PassportBean<LdapsPassport> {
passport.setReferral(getReferral());
passport.setPrincipalSuffix(getPrincipalSuffix());
passport.setLdapSystemName(getSystemName());
if (WebServiceUtils.isDefaultPassword(this.systemPassword)) {
String oldPassword = FSConfig.getInstance().getPassport(LdapsPassport.class).getLdapSystemPassword();
if (CommonKit.isDefaultPasswordHolderString(this.systemPassword)) {
String oldPassword = LoginKit.getPassport(LdapsPassport.class).getLdapSystemPassword();
passport.setLdapSystemPassword(oldPassword);
} else {
passport.setLdapSystemPassword(WebServiceUtils.getBase64DecodeStr(this.systemPassword));
passport.setLdapSystemPassword(CommonKit.getBase64DecodeStr(this.systemPassword));
}
passport.setCertPath(getCertPath());
return passport;

145
src/main/java/com/fr/plugin/decision/passport/ldaps/LdapsPassport.java
Unescape View File

@ -1,24 +1,19 @@
package com.fr.plugin.decision.passport.ldaps;
import com.fanruan.api.conf.HolderKit;
import com.fanruan.api.decision.UserKit;
import com.fanruan.api.decision.auth.BasePassport;
import com.fanruan.api.decision.middle.ReadOnlyUser;
import com.fanruan.api.log.LogKit;
import com.fanruan.api.runtime.ResourceKit;
import com.fanruan.api.security.SecurityKit;
import com.fanruan.api.util.AssistKit;
import com.fanruan.api.util.StringKit;
import com.fr.config.Identifier;
import com.fr.config.holder.Conf;
import com.fr.config.holder.factory.Holders;
import com.fr.decision.authority.data.User;
import com.fr.decision.authorize.Passport;
import com.fr.decision.authorize.impl.AbstractPassport;
import com.fr.decision.authorize.impl.DefaultPassport;
import com.fr.decision.privilege.encrpt.PasswordValidator;
import com.fr.decision.webservice.utils.UserSourceFactory;
import com.fr.decision.webservice.v10.user.UserService;
import com.fr.general.ComparatorUtils;
import com.fr.io.utils.ResourceIOUtils;
import com.fr.log.FineLoggerFactory;
import com.fr.security.SecurityToolbox;
import com.fr.stable.AssistUtils;
import com.fr.stable.StringUtils;
import com.fr.third.javax.annotation.Nullable;
import javax.naming.AuthenticationException;
import org.jetbrains.annotations.Nullable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
@ -40,7 +35,7 @@ import java.util.concurrent.ExecutionException;
import java.util.concurrent.FutureTask;
public class LdapsPassport extends AbstractPassport {
public class LdapsPassport extends BasePassport {
private static final long serialVersionUID = -1848712022102261769L;
@ -57,39 +52,39 @@ public class LdapsPassport extends AbstractPassport {
/**
* 缓存上次匹配的结果字段
*/
private String lastTimeMatchWord = StringUtils.EMPTY;
private String lastTimeMatchWord = StringKit.EMPTY;
@Identifier("ldapsUrl")
private Conf<String> ldapUrl = Holders.simple(StringUtils.EMPTY);
private Conf<String> ldapUrl = HolderKit.simple(StringKit.EMPTY);
@Identifier("ldapsSearchBase")
private Conf<String> ldapSearchBase = Holders.simple(StringUtils.EMPTY);
private Conf<String> ldapSearchBase = HolderKit.simple(StringKit.EMPTY);
//是否使用检索位置作为baseDN,是的话就加到url中,否则加到search的参数中
@Identifier("ldapsRetrieveLocAsBaseDN")
private Conf<Boolean> retrieveLocAsBaseDN = Holders.simple(true);
private Conf<Boolean> retrieveLocAsBaseDN = HolderKit.simple(true);
//认证方式
@Identifier("ldapsAuthentication")
private Conf<String> authentication = Holders.simple(AUTH_SIMPLE);// none,simple,strong
private Conf<String> authentication = HolderKit.simple(AUTH_SIMPLE);// none,simple,strong
//context初始化的Factory,一般用这个默认值
@Identifier("ldapsContextFactory")
private Conf<String> contextFactory = Holders.simple(SUN_DEFAULT_CONTEXT_FACTORY);
private Conf<String> contextFactory = HolderKit.simple(SUN_DEFAULT_CONTEXT_FACTORY);
//指定将如何处理服务提供者遇到的引用的环境属性名称
@Identifier("ldapsReferral")
private Conf<String> referral = Holders.simple(REFERRAL_FOLLOW);// follow, ignore, throw
private Conf<String> referral = HolderKit.simple(REFERRAL_FOLLOW);// follow, ignore, throw
//ldap用户后缀,如@finereport.com
@Identifier("ldapsPprincipalSuffix")
private Conf<String> principalSuffix = Holders.simple(StringUtils.EMPTY);
private Conf<String> principalSuffix = HolderKit.simple(StringKit.EMPTY);
//ldap系统的管理员姓名
@Identifier("ldapsSystemName")
private Conf<String> ldapSystemName = Holders.simple(StringUtils.EMPTY);
private Conf<String> ldapSystemName = HolderKit.simple(StringKit.EMPTY);
//ldap系统的管理员密码
@Identifier("ldapsSystemPassword")
private Conf<String> ldapSystemPassword = Holders.simple(StringUtils.EMPTY);
private Conf<String> ldapSystemPassword = HolderKit.simple(StringKit.EMPTY);
//ldaps证书路径
@Identifier("ldapsCertPath")
private Conf<String> certPath = Holders.simple(StringUtils.EMPTY);
private Conf<String> certPath = HolderKit.simple(StringKit.EMPTY);
public LdapsPassport() {
@ -153,11 +148,11 @@ public class LdapsPassport extends AbstractPassport {
}
public String getLdapSystemPassword() {
return StringUtils.isEmpty(ldapSystemPassword.get()) ? null : SecurityToolbox.decrypt(ldapSystemPassword.get());
return StringKit.isEmpty(ldapSystemPassword.get()) ? null : SecurityKit.decrypt(ldapSystemPassword.get());
}
public void setLdapSystemPassword(String ldapSystemPassword) {
this.ldapSystemPassword.set(SecurityToolbox.encrypt(ldapSystemPassword));
this.ldapSystemPassword.set(SecurityKit.encrypt(ldapSystemPassword));
}
public boolean isRetrieveLocAsBaseDN() {
@ -189,7 +184,7 @@ public class LdapsPassport extends AbstractPassport {
@Override
public int hashCode() {
return AssistUtils.hashCode(ldapUrl.get(), ldapSearchBase.get(), ldapSystemName.get(), ldapSystemPassword.get(),
return AssistKit.hashCode(ldapUrl.get(), ldapSearchBase.get(), ldapSystemName.get(), ldapSystemPassword.get(),
referral.get(), retrieveLocAsBaseDN.get(), authentication.get(), contextFactory.get(), certPath.get());
}
@ -199,19 +194,20 @@ public class LdapsPassport extends AbstractPassport {
return false;
}
LdapsPassport target = (LdapsPassport) obj;
return ComparatorUtils.equals(target.getPrincipalSuffix(), this.getPrincipalSuffix())
&& ComparatorUtils.equals(target.getReferral(), this.getReferral())
&& ComparatorUtils.equals(target.getLdapUrl(), this.getLdapUrl())
&& ComparatorUtils.equals(target.getContextFactory(), this.getContextFactory())
&& ComparatorUtils.equals(target.getAuthentication(), this.getAuthentication())
&& ComparatorUtils.equals(target.getLdapSystemName(), this.getLdapSystemName())
&& ComparatorUtils.equals(target.getLdapSearchBase(), this.getLdapSearchBase())
&& ComparatorUtils.equals(target.getLdapSystemPassword(), this.getLdapSystemPassword())
&& ComparatorUtils.equals(target.getCertPath(), this.getCertPath());
return AssistKit.equals(target.getPrincipalSuffix(), this.getPrincipalSuffix())
&& AssistKit.equals(target.getReferral(), this.getReferral())
&& AssistKit.equals(target.getLdapUrl(), this.getLdapUrl())
&& AssistKit.equals(target.getContextFactory(), this.getContextFactory())
&& AssistKit.equals(target.getAuthentication(), this.getAuthentication())
&& AssistKit.equals(target.getLdapSystemName(), this.getLdapSystemName())
&& AssistKit.equals(target.getLdapSearchBase(), this.getLdapSearchBase())
&& AssistKit.equals(target.getLdapSystemPassword(), this.getLdapSystemPassword())
&& AssistKit.equals(target.getCertPath(), this.getCertPath());
}
@Override
public boolean checkTicket(String username, String inputPassword, String savedPassword, String hashPassword) {
if (StringUtils.isNotEmpty(principalSuffix.get())) {
if (StringKit.isNotEmpty(principalSuffix.get())) {
username += principalSuffix.get();
}
return connect(username, inputPassword);
@ -255,7 +251,7 @@ public class LdapsPassport extends AbstractPassport {
Properties props = new Properties();
props.put(Context.INITIAL_CONTEXT_FACTORY, getContextFactory());
String url = getLdapUrl();
if (StringUtils.isNotBlank(url)) {
if (StringKit.isNotBlank(url)) {
if (!url.endsWith("/")) {
url += "/";
}
@ -276,32 +272,32 @@ public class LdapsPassport extends AbstractPassport {
ks.load(null, null);
ks.setCertificateEntry("LDAP_ALIAS", certificate);
if (!ResourceIOUtils.exist("/plugins/ldaps.keystore")) {
ResourceIOUtils.createFile("/plugins/ldaps.keystore");
File keyStoreFile = new File(ResourceIOUtils.getRealPath("/plugins/ldaps.keystore"));
if (!ResourceKit.exist("/plugins/ldaps.keystore")) {
ResourceKit.createFile("/plugins/ldaps.keystore");
File keyStoreFile = new File(ResourceKit.getRealPath("/plugins/ldaps.keystore"));
FileOutputStream fos = new FileOutputStream(keyStoreFile);
ks.store(fos, "LdapsKeyStorePwd".toCharArray());
}
} catch (Exception e) {
FineLoggerFactory.getLogger().error("LDAPS: Exception during reading key file and writing keyStore" + e.toString());
LogKit.error("LDAPS: Exception during reading key file and writing keyStore" + e.toString());
}
System.setProperty("javax.net.ssl.trustStore", ResourceIOUtils.getRealPath("/plugins/ldaps.keystore"));
System.setProperty("javax.net.ssl.trustStore", ResourceKit.getRealPath("/plugins/ldaps.keystore"));
System.setProperty("javax.net.ssl.keyStorePassword", "LdapsKeyStorePwd");
//java 1.8_181的安全性改动,开启了对于LDAP的端点标识,导致证书里的CN和ldaps服务器域名对不上就抛错
System.setProperty("com.sun.jndi.ldap.object.disableEndpointIdentification", "true");
//-----------------LDAPS--------------------
//有管理员账号时,是显示连接
if (StringUtils.isNotBlank(getLdapSystemName())
&& StringUtils.isNotBlank(getLdapSystemPassword())) {
if (StringKit.isNotBlank(getLdapSystemName())
&& StringKit.isNotBlank(getLdapSystemPassword())) {
props.put(Context.SECURITY_PRINCIPAL, getLdapSystemName());
props.put(Context.SECURITY_CREDENTIALS, getLdapSystemPassword());
}
try {
return new InitialLdapContext(props, connCtls);
} catch (javax.naming.AuthenticationException e) {
FineLoggerFactory.getLogger().error("LDAPS: AuthenticationException,Authentication failed: " + e.toString());
LogKit.error("LDAPS: AuthenticationException,Authentication failed: " + e.toString());
} catch (Exception e) {
FineLoggerFactory.getLogger().error("LDAPS: Exception,Something wrong while authenticating: " + e.toString());
LogKit.error("LDAPS: Exception,Something wrong while authenticating: " + e.toString());
}
return null;
}
@ -309,20 +305,16 @@ public class LdapsPassport extends AbstractPassport {
private boolean authenticate(LdapContext ctx, String username, String password) {
boolean isValid = true;
String userDN = recurseGetUserDN(ctx, username);
if (StringUtils.isEmpty(userDN)) {
if (StringKit.isEmpty(userDN)) {
//未正确获取到DN,代表域上没有这个用户而平台有,客户需求:转而用平台登录
FineLoggerFactory.getLogger().debug("LDAPS: No such user on ldap server, authenticating with platform passport");
LogKit.debug("LDAPS: No such user on ldap server, authenticating with platform passport");
try {
User user = UserService.getInstance().getUserByUserName(username);
if (user == null) {
return false;
}
PasswordValidator passwordValidator = UserSourceFactory.getInstance().getUserSource(user).getPasswordValidator();
ReadOnlyUser user = UserKit.getReadOnlyUser(username);
PasswordValidator passwordValidator = UserKit.fetchUserSource(username).getPasswordValidator();
String hashPassword = passwordValidator.encode(user.getUserName(), password);
Passport passport = new DefaultPassport();
return passport.checkTicket(user.getUserName(), password, user.getPassword(), hashPassword);
return AssistKit.equals(user.getPassword(), hashPassword);
} catch (Exception e) {
FineLoggerFactory.getLogger().error("LDAPS: Exception during logging with platform default passport");
LogKit.error("LDAPS: Exception during logging with platform default passport");
return false;
}
}
@ -330,11 +322,8 @@ public class LdapsPassport extends AbstractPassport {
ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, userDN);
ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, password);
ctx.reconnect(connCtls);
} catch (AuthenticationException e) {
FineLoggerFactory.getLogger().error(e.getMessage(), e);
isValid = false;
} catch (NamingException e) {
FineLoggerFactory.getLogger().error(e.getMessage(), e);
LogKit.error(e.getMessage(), e);
isValid = false;
}
return isValid;
@ -343,36 +332,36 @@ public class LdapsPassport extends AbstractPassport {
private String recurseGetUserDN(LdapContext ctx, String name) {
String lastTimeMatchWordShadow = threadLocal.get();
// 前一次匹配成功的字段作为优先匹配的字段
if (StringUtils.isNotEmpty(lastTimeMatchWordShadow)) {
FineLoggerFactory.getLogger().debug("LDAPS: Using cached word " + lastTimeMatchWordShadow);
if (StringKit.isNotEmpty(lastTimeMatchWordShadow)) {
LogKit.debug("LDAPS: Using cached word " + lastTimeMatchWordShadow);
String userDN = getUserDN(ctx, name, lastTimeMatchWordShadow);
if (StringUtils.isNotBlank(userDN)) {
if (StringKit.isNotBlank(userDN)) {
return userDN;
}
}
String[] fWords = {"sAMAccountName", "cn", "userPrincipalName", "uid", "displayName", "name", "sn",};
for (String fWord : fWords) {
if (StringUtils.isNotEmpty(lastTimeMatchWordShadow) && ComparatorUtils.equals(lastTimeMatchWordShadow, fWord)) {
if (StringKit.isNotEmpty(lastTimeMatchWordShadow) && AssistKit.equals(lastTimeMatchWordShadow, fWord)) {
continue;
}
String userDN = getUserDN(ctx, name, fWord);
if (StringUtils.isNotBlank(userDN)) {
if (StringKit.isNotBlank(userDN)) {
// 缓存匹配字段
FineLoggerFactory.getLogger().debug("LDAPS: Cached word updated to " + fWord);
LogKit.debug("LDAPS: Cached word updated to " + fWord);
lastTimeMatchWord = fWord;
return userDN;
}
}
return StringUtils.EMPTY;
return StringKit.EMPTY;
}
private String getUserDN(LdapContext ctx, String name, String word) {
String userDN = StringUtils.EMPTY;
String userDN = StringKit.EMPTY;
try {
SearchControls constraints = new SearchControls();
constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
String filter = "(&(" + word + "=" + name + "))";
String baseDN = StringUtils.EMPTY;
String baseDN = StringKit.EMPTY;
if (!isRetrieveLocAsBaseDN()) {
//检索位置不作为BaseDN,那url中不加上检索位置,search中则用检索位置作为BaseDN
baseDN = getLdapSearchBase();
@ -382,15 +371,15 @@ public class LdapsPassport extends AbstractPassport {
if (en.hasMoreElements()) {
SearchResult sr = (SearchResult) en.nextElement();
userDN = sr.getNameInNamespace();
if (StringUtils.isNotBlank(userDN) && userDN.contains(name)) {
if (StringKit.isNotBlank(userDN) && userDN.contains(name)) {
break;
}
}
}
} catch (Exception e) {
FineLoggerFactory.getLogger().error("LDAPS: error during getUserDN ", e);
LogKit.error("LDAPS: error during getUserDN ", e);
}
FineLoggerFactory.getLogger().debug("LDAPS: Using word " + word + " name "+ name +" and found userDN " + userDN);
LogKit.debug("LDAPS: Using word " + word + " name " + name + " and found userDN " + userDN);
return userDN;
}
@ -400,7 +389,7 @@ public class LdapsPassport extends AbstractPassport {
ctx.close();
}
} catch (NamingException e) {
FineLoggerFactory.getLogger().error(e.getMessage(), e);
LogKit.error(e.getMessage(), e);
}
}

Write Preview
Loading…
Cancel
Save