Skip to content

Add ldap auth #107

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
zhangdong1015 wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Add ldap auth #107

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
28 changes: 28 additions & 0 deletions src/main/java/com/deem/zkui/bo/AuthResult.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
package com.deem.zkui.bo;

/**
* 封装认证结果
*/
public class AuthResult {
private Boolean authed=false;
private String errMsg;

public AuthResult() {
}

public Boolean getAuthed() {
return authed;
}

public void setAuthed(Boolean authed) {
this.authed = authed;
}

public String getErrMsg() {
return errMsg;
}

public void setErrMsg(String errMsg) {
this.errMsg = errMsg;
}
}
27 changes: 15 additions & 12 deletions src/main/java/com/deem/zkui/controller/Login.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,23 +1,23 @@
/**
*
* Copyright (c) 2014, Deem Inc. All Rights Reserved.
*
* <p>
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
* use this file except in compliance with the License. You may obtain a copy of
* the License at
*
* <p>
* http://www.apache.org/licenses/LICENSE-2.0
*
* <p>
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations under
* the License.
*
*/
package com.deem.zkui.controller;

import com.deem.zkui.bo.AuthResult;
import freemarker.template.TemplateException;

import java.io.IOException;
import java.util.HashMap;
import java.util.Iterator;
Expand All @@ -29,15 +29,18 @@
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import com.deem.zkui.utils.ServletUtil;
import com.deem.zkui.utils.ZooKeeperUtil;
import org.h2.util.StringUtils;
import org.json.simple.JSONArray;
import org.json.simple.JSONObject;
import org.json.simple.parser.JSONParser;
import org.json.simple.parser.ParseException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import com.deem.zkui.utils.LdapAuth;

import java.util.Arrays;

@SuppressWarnings("serial")
Expand Down Expand Up @@ -73,18 +76,18 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response)
//TODO: Implement custom authentication logic if required.
String username = request.getParameter("username");
String password = request.getParameter("password");
String ldapOu = globalProps.getProperty("ldapOu");
String role = null;
AuthResult authResult = new AuthResult();
Boolean authenticated = false;
//if ldap is provided then it overrides roleset.
if (globalProps.getProperty("ldapAuth").equals("true")) {
authenticated = new LdapAuth().authenticateUser(globalProps.getProperty("ldapUrl"), username, password, globalProps.getProperty("ldapDomain"));
authResult = new LdapAuth().authenticateUser(globalProps.getProperty("ldapUrl"), username, password, globalProps.getProperty("ldapDomain"), ldapOu);
authenticated = authResult.getAuthed();
if (authenticated) {
JSONArray jsonRoleSet = (JSONArray) ((JSONObject) new JSONParser().parse(globalProps.getProperty("ldapRoleSet"))).get("users");
for (Iterator it = jsonRoleSet.iterator(); it.hasNext();) {
for (Iterator it = jsonRoleSet.iterator(); it.hasNext(); ) {
JSONObject jsonUser = (JSONObject) it.next();
if (jsonUser.get("username") != null && jsonUser.get("username").equals("*")) {
role = (String) jsonUser.get("role");
}
if (jsonUser.get("username") != null && jsonUser.get("username").equals(username)) {
role = (String) jsonUser.get("role");
}
Expand All @@ -96,7 +99,7 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response)
}
} else {
JSONArray jsonRoleSet = (JSONArray) ((JSONObject) new JSONParser().parse(globalProps.getProperty("userSet"))).get("users");
for (Iterator it = jsonRoleSet.iterator(); it.hasNext();) {
for (Iterator it = jsonRoleSet.iterator(); it.hasNext(); ) {
JSONObject jsonUser = (JSONObject) it.next();
if (jsonUser.get("username").equals(username) && jsonUser.get("password").equals(password)) {
authenticated = true;
Expand All @@ -110,7 +113,7 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response)
session.setAttribute("authRole", role);
response.sendRedirect("/home");
} else {
session.setAttribute("flashMsg", "Invalid Login");
session.setAttribute("flashMsg", StringUtils.isNullOrEmpty(authResult.getErrMsg()) ? "Invalid Login" : authResult.getErrMsg());
ServletUtil.INSTANCE.renderHtml(request, response, templateParam, "login.ftl.html");
}

Expand Down
38 changes: 25 additions & 13 deletions src/main/java/com/deem/zkui/utils/LdapAuth.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,60 +1,72 @@
/**
*
* Copyright (c) 2014, Deem Inc. All Rights Reserved.
*
* <p>
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
* use this file except in compliance with the License. You may obtain a copy of
* the License at
*
* <p>
* http://www.apache.org/licenses/LICENSE-2.0
*
* <p>
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations under
* the License.
*
*/
package com.deem.zkui.utils;

import java.util.Hashtable;
import com.deem.zkui.bo.AuthResult;
import org.slf4j.LoggerFactory;

import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import org.slf4j.LoggerFactory;
import java.util.Hashtable;

public class LdapAuth {

DirContext ctx = null;
private final static org.slf4j.Logger logger = LoggerFactory.getLogger(LdapAuth.class);

public boolean authenticateUser(String ldapUrl, String username, String password, String domains) {
public AuthResult authenticateUser(String ldapUrl, String username, String password, String domains, String ou) {

AuthResult authResult = new AuthResult();
String[] domainArr = domains.split(",");
for (String domain : domainArr) {
Hashtable env = new Hashtable();
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, ldapUrl);
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_PRINCIPAL, domain + "\\" + username);
env.put(Context.SECURITY_PRINCIPAL, "uid=" + username + ",ou=" + ou);
env.put(Context.SECURITY_CREDENTIALS, password);
try {
ctx = new InitialDirContext(env);
return true;
authResult.setAuthed(Boolean.TRUE);
return authResult;
} catch (NamingException e) {

authResult.setErrMsg(extractErrorMsg(e.getMessage()));
logger.error(e.getMessage());
} finally {
if (ctx != null) {
try {
ctx.close();
} catch (NamingException ex) {
logger.warn(ex.getMessage());
authResult.setErrMsg(extractErrorMsg(ex.getMessage()));
logger.error(ex.getMessage());
}
}
}
}
return false;
return authResult;

}

private String extractErrorMsg(String input) {
String[] subStrArray = input.substring(input.indexOf("reason")).split(" ");
String reason = subStrArray[0].split("=")[1];
return reason;
}


}