From d584537b73d6d04cffbad7b20781ce2e60cbf6c0 Mon Sep 17 00:00:00 2001
From: zhangdong7 <849924886@qq.com>
Date: Thu, 2 Mar 2023 16:42:45 +0800
Subject: [PATCH] Add ldap auth

---
 .../java/com/deem/zkui/bo/AuthResult.java | 28 ++++++++++++++
 .../java/com/deem/zkui/controller/Login.java | 27 +++++++------
 .../java/com/deem/zkui/utils/LdapAuth.java | 38 ++++++++++++-------
 3 files changed, 68 insertions(+), 25 deletions(-)
 create mode 100644 src/main/java/com/deem/zkui/bo/AuthResult.java

diff --git a/src/main/java/com/deem/zkui/bo/AuthResult.java b/src/main/java/com/deem/zkui/bo/AuthResult.java
new file mode 100644
index 0000000..c2d14ea
--- /dev/null
+++ b/src/main/java/com/deem/zkui/bo/AuthResult.java
@@ -0,0 +1,28 @@
+package com.deem.zkui.bo;
+
+/**
+ * 封装认证结果
+ */
+public class AuthResult {
+ private Boolean authed=false;
+ private String errMsg;
+
+ public AuthResult() {
+ }
+
+ public Boolean getAuthed() {
+ return authed;
+ }
+
+ public void setAuthed(Boolean authed) {
+ this.authed = authed;
+ }
+
+ public String getErrMsg() {
+ return errMsg;
+ }
+
+ public void setErrMsg(String errMsg) {
+ this.errMsg = errMsg;
+ }
+}
diff --git a/src/main/java/com/deem/zkui/controller/Login.java b/src/main/java/com/deem/zkui/controller/Login.java
index 9cdd856..6d762d0 100644
--- a/src/main/java/com/deem/zkui/controller/Login.java
+++ b/src/main/java/com/deem/zkui/controller/Login.java
@@ -1,23 +1,23 @@
 /**
- *
 * Copyright (c) 2014, Deem Inc. All Rights Reserved.
- *
+ *
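Review bot: `private Boolean authed=false;` together with `public Boolean getAuthed()` uses the boxed type for a flag that only ever holds true or false, so a null pushed through `setAuthed(null)` would surface later as a NullPointerException at the caller's `if (authenticated)` in Login.java; declaring `private boolean authed;` with `getAuthed()` returning `boolean` and `setAuthed(boolean authed)` removes that case without changing any call site. The class Javadoc is in Chinese; an English summary such as `/** Outcome of one authentication attempt: whether the bind succeeded and, if not, a short failure reason for the caller. */` would serve the rest of the code base, whose comments are in English. Both fields are mutable setters with no invariant between them; since the result is only ever assembled inside LdapAuth, final fields set through a constructor would make an "authed with an error message" state unrepresentable, though that is a judgment call.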

* Licensed under the Apache License, Version 2.0 (the "License"); you may not
 * use this file except in compliance with the License. You may obtain a copy of
 * the License at
- *
+ *

* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *

* Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 * License for the specific language governing permissions and limitations under
 * the License.
- *
 */
 package com.deem.zkui.controller;
+import com.deem.zkui.bo.AuthResult;
 import freemarker.template.TemplateException;
+
 import java.io.IOException;
 import java.util.HashMap;
 import java.util.Iterator;
@@ -29,8 +29,10 @@
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
+
 import com.deem.zkui.utils.ServletUtil;
 import com.deem.zkui.utils.ZooKeeperUtil;
+import org.h2.util.StringUtils;
 import org.json.simple.JSONArray;
 import org.json.simple.JSONObject;
 import org.json.simple.parser.JSONParser;
@@ -38,6 +40,7 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import com.deem.zkui.utils.LdapAuth;
+
 import java.util.Arrays;
 @SuppressWarnings("serial")
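Review bot: `+import org.h2.util.StringUtils;` in the hunk at -29,8 +29,10 makes the login controller depend on an internal utility class of the H2 database driver purely for the null-or-empty check used in the hunk at -110,7; that class is not a supported API and the controller breaks if the embedded database is swapped or the driver is upgraded. A plain check keeps the dependency out: `String errMsg = authResult.getErrMsg();` followed by `(errMsg == null || errMsg.isEmpty()) ? "Invalid Login" : errMsg`, after which the import can go. The hunk at -38,6 +40,7 only inserts a blank line between the `LdapAuth` and `java.util.Arrays` imports; moving `java.util.Arrays` up next to the other `java.util` imports would match the grouping the rest of the block already uses.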
@@ -73,18 +76,18 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response)
 //TODO: Implement custom authentication logic if required.
 String username = request.getParameter("username");
 String password = request.getParameter("password");
+ String ldapOu = globalProps.getProperty("ldapOu");
 String role = null;
+ AuthResult authResult = new AuthResult();
 Boolean authenticated = false;
 //if ldap is provided then it overrides roleset.
 if (globalProps.getProperty("ldapAuth").equals("true")) {
- authenticated = new LdapAuth().authenticateUser(globalProps.getProperty("ldapUrl"), username, password, globalProps.getProperty("ldapDomain"));
+ authResult = new LdapAuth().authenticateUser(globalProps.getProperty("ldapUrl"), username, password, globalProps.getProperty("ldapDomain"), ldapOu);
+ authenticated = authResult.getAuthed();
 if (authenticated) {
 JSONArray jsonRoleSet = (JSONArray) ((JSONObject) new JSONParser().parse(globalProps.getProperty("ldapRoleSet"))).get("users");
- for (Iterator it = jsonRoleSet.iterator(); it.hasNext();) {
+ for (Iterator it = jsonRoleSet.iterator(); it.hasNext(); ) {
 JSONObject jsonUser = (JSONObject) it.next();
- if (jsonUser.get("username") != null && jsonUser.get("username").equals("*")) {
- role = (String) jsonUser.get("role");
- }
 if (jsonUser.get("username") != null && jsonUser.get("username").equals(username)) {
 role = (String) jsonUser.get("role");
 }
@@ -96,7 +99,7 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response)
 }
 } else {
 JSONArray jsonRoleSet = (JSONArray) ((JSONObject) new JSONParser().parse(globalProps.getProperty("userSet"))).get("users");
- for (Iterator it = jsonRoleSet.iterator(); it.hasNext();) {
+ for (Iterator it = jsonRoleSet.iterator(); it.hasNext(); ) {
 JSONObject jsonUser = (JSONObject) it.next();
 if (jsonUser.get("username").equals(username) && jsonUser.get("password").equals(password)) {
 authenticated = true;
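Review bot: `String ldapOu = globalProps.getProperty("ldapOu");` is handed to `authenticateUser` without a check, so a deployment that has `ldapAuth=true` but has not yet added the new `ldapOu` property ends up with a principal built from the literal text `null` (see the `"uid=" + username + ",ou=" + ou` line in the LdapAuth hunk) and every login fails with no hint why; fail early with a clear message, e.g. `if (ldapOu == null || ldapOu.isEmpty()) { throw new IllegalStateException("ldapOu must be set when ldapAuth=true"); }`, or at minimum log the missing property. `authenticated = authResult.getAuthed();` unboxes a `Boolean` into the boxed local `authenticated`, so `if (authenticated)` throws NullPointerException should the result ever carry a null flag; a primitive `boolean` on AuthResult removes the case. The hunk also deletes the `"*"` wildcard entry handling for `ldapRoleSet`, a behavior change for existing configurations that relied on it for a default role and one that deserves a sentence in the commit message. doPost begins and ends outside this hunk.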
@@ -110,7 +113,7 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response)
 session.setAttribute("authRole", role);
 response.sendRedirect("/home");
 } else {
- session.setAttribute("flashMsg", "Invalid Login");
+ session.setAttribute("flashMsg", StringUtils.isNullOrEmpty(authResult.getErrMsg()) ? "Invalid Login" : authResult.getErrMsg());
 ServletUtil.INSTANCE.renderHtml(request, response, templateParam, "login.ftl.html");
 }
diff --git a/src/main/java/com/deem/zkui/utils/LdapAuth.java b/src/main/java/com/deem/zkui/utils/LdapAuth.java
index 42e00cc..a5b4d2a 100644
--- a/src/main/java/com/deem/zkui/utils/LdapAuth.java
+++ b/src/main/java/com/deem/zkui/utils/LdapAuth.java
@@ -1,60 +1,72 @@
 /**
- *
 * Copyright (c) 2014, Deem Inc. All Rights Reserved.
- *
+ *
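Review bot: The new `flashMsg` line hands the unauthenticated client the reason string extracted from the LDAP `NamingException`, so the login page now exposes server-side diagnostic detail and lets a client distinguish failure causes, where before every failed attempt read `Invalid Login`. The detail is already written to the server log in LdapAuth, so the page can keep the generic text, `session.setAttribute("flashMsg", "Invalid Login");`, or, if operators want more, map the extracted reason onto a small fixed set of neutral messages before it reaches the session. The value is stored in the session and rendered by `login.ftl.html`; whether that template escapes it is outside this diff, so confirm before displaying anything derived from a remote server's error text. doPost continues outside the hunk.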

* Licensed under the Apache License, Version 2.0 (the "License"); you may not
 * use this file except in compliance with the License. You may obtain a copy of
 * the License at
- *
+ *

* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *

* Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 * License for the specific language governing permissions and limitations under
 * the License.
- *
 */
 package com.deem.zkui.utils;
-import java.util.Hashtable;
+import com.deem.zkui.bo.AuthResult;
+import org.slf4j.LoggerFactory;
+
 import javax.naming.Context;
 import javax.naming.NamingException;
 import javax.naming.directory.DirContext;
 import javax.naming.directory.InitialDirContext;
-import org.slf4j.LoggerFactory;
+import java.util.Hashtable;
 public class LdapAuth {
 DirContext ctx = null;
 private final static org.slf4j.Logger logger = LoggerFactory.getLogger(LdapAuth.class);
- public boolean authenticateUser(String ldapUrl, String username, String password, String domains) {
+ public AuthResult authenticateUser(String ldapUrl, String username, String password, String domains, String ou) {
+ AuthResult authResult = new AuthResult();
 String[] domainArr = domains.split(",");
 for (String domain : domainArr) {
 Hashtable env = new Hashtable();
 env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
 env.put(Context.PROVIDER_URL, ldapUrl);
 env.put(Context.SECURITY_AUTHENTICATION, "simple");
- env.put(Context.SECURITY_PRINCIPAL, domain + "\\" + username);
+ env.put(Context.SECURITY_PRINCIPAL, "uid=" + username + ",ou=" + ou);
 env.put(Context.SECURITY_CREDENTIALS, password);
 try {
 ctx = new InitialDirContext(env);
- return true;
+ authResult.setAuthed(Boolean.TRUE);
+ return authResult;
 } catch (NamingException e) {
-
+ authResult.setErrMsg(extractErrorMsg(e.getMessage()));
+ logger.error(e.getMessage());
 } finally {
 if (ctx != null) {
 try {
 ctx.close();
 } catch (NamingException ex) {
- logger.warn(ex.getMessage());
+ authResult.setErrMsg(extractErrorMsg(ex.getMessage()));
+ logger.error(ex.getMessage());
 }
 }
 }
 }
- return false;
+ 
return authResult; + + } + private String extractErrorMsg(String input) { + String[] subStrArray = input.substring(input.indexOf("reason")).split(" "); + String reason = subStrArray[0].split("=")[1]; + return reason; } + + }
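Review bot: `env.put(Context.SECURITY_PRINCIPAL, "uid=" + username + ",ou=" + ou);` splices the raw `username` request parameter into a distinguished name, so characters that are special in an RDN (`,`, `+`, `=`, `\`, `"`, `<`, `>`, `;`) change the structure of the DN instead of being part of the value; escape it with the JDK's `javax.naming.ldap.Rdn`: `"uid=" + Rdn.escapeValue(username) + ",ou=" + ou`. Because `domain` is no longer used in the principal, `for (String domain : domainArr)` now repeats the identical bind once per comma-separated entry in `ldapDomain`, which multiplies failed-bind attempts against the directory and the ERROR log lines without changing the outcome, so either drop the loop or put `domain` back into the DN. `extractErrorMsg` assumes `e.getMessage()` is non-null and contains `reason=...`: when it does not, `indexOf` returns -1 and `substring(-1)` throws StringIndexOutOfBoundsException from inside the catch block (likewise `split("=")[1]` when there is no `=`), so an unexpected directory error escapes `authenticateUser` as an unhandled exception rather than a failed login; a defensive version follows. The `finally` branch also overwrites the bind failure reason with the close failure's, so it should probably log without calling `setErrMsg`.
```java
// … unchanged: authenticateUser …
private String extractErrorMsg(String input) {
    if (input == null) {
        return null;
    }
    int at = input.indexOf("reason");
    if (at < 0) {
        return null;
    }
    // first whitespace-delimited token after "reason", then the value after '='
    String[] keyValue = input.substring(at).split(" ")[0].split("=");
    return keyValue.length > 1 ? keyValue[1] : null;
}
```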