LDAP password sync

2026-05-15 13:02:07 +08:00 · 2021-07-22 22:15:21 +08:00
parent fae33d2be6
commit 233307f366
10 changed files with 38 additions and 13 deletions
--- a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/realm/AbstractAuthenticationRealm.java
+++ b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/realm/AbstractAuthenticationRealm.java
@@ -26,6 +26,7 @@ import org.maxkey.entity.Groups;
 import org.maxkey.entity.UserInfo;
 import org.maxkey.persistence.db.LoginHistoryService;
 import org.maxkey.persistence.db.PasswordPolicyValidator;
+import org.maxkey.persistence.service.UserInfoService;
 import org.maxkey.persistence.db.LoginService;
 import org.maxkey.util.DateUtils;
 import org.maxkey.web.WebConstants;
@@ -59,6 +60,8 @@ public abstract class AbstractAuthenticationRealm {
    
    protected  AbstractAuthenticationRealm ldapAuthenticationRealm;
    
+    protected UserInfoService userInfoService;
+    
   

    /**
--- a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/realm/jdbc/DefaultJdbcAuthenticationRealm.java
+++ b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/realm/jdbc/DefaultJdbcAuthenticationRealm.java
@@ -53,13 +53,25 @@ public class DefaultJdbcAuthenticationRealm extends AbstractAuthenticationRealm
     */
    public boolean passwordMatches(UserInfo userInfo, String password) {
        boolean passwordMatches = false;
-        if(ldapSupport) {
+        //jdbc password check
+        _logger.debug("password : " 
+                + PasswordReciprocal.getInstance().rawPassword(userInfo.getUsername(), password));
+        passwordMatches = passwordEncoder.matches(password,userInfo.getPassword());
+        
+        //passwordMatches == false and ldapSupport ==true
+        //validate password with LDAP
+        if(!passwordMatches && ldapSupport) {
        	passwordMatches =this.ldapAuthenticationRealm.passwordMatches(userInfo, password);
-        }else {
-	        _logger.debug("password : " 
-	                + PasswordReciprocal.getInstance().rawPassword(userInfo.getUsername(), password));
-	        passwordMatches = passwordEncoder.matches(password,userInfo.getPassword());
+        	if(passwordMatches) {
+        	    //init password to local Realm
+        	    UserInfo changePasswordUser = new UserInfo();
+        	    changePasswordUser.setId(userInfo.getId());
+        	    changePasswordUser.setUsername(userInfo.getUsername());
+        	    changePasswordUser.setPassword(password);
+        	    userInfoService.changePassword(changePasswordUser, false);
+        	}
        }
+        
        _logger.debug("passwordvalid : " + passwordMatches);
        if (!passwordMatches) {
            passwordPolicyValidator.setBadPasswordCount(userInfo);
--- a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/realm/jdbc/JdbcAuthenticationRealm.java
+++ b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/realm/jdbc/JdbcAuthenticationRealm.java
@@ -22,6 +22,7 @@ import org.maxkey.authn.support.rememberme.AbstractRemeberMeService;
 import org.maxkey.persistence.db.LoginHistoryService;
 import org.maxkey.persistence.db.LoginService;
 import org.maxkey.persistence.db.PasswordPolicyValidator;
+import org.maxkey.persistence.service.UserInfoService;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.jdbc.core.JdbcTemplate;
@@ -49,6 +50,7 @@ public class JdbcAuthenticationRealm extends DefaultJdbcAuthenticationRealm {
    		LoginService loginService,
    		LoginHistoryService loginHistoryService,
    		AbstractRemeberMeService remeberMeService,
+    		UserInfoService userInfoService,
    	    JdbcTemplate jdbcTemplate) {
    	
    	this.passwordEncoder =passwordEncoder;
@@ -56,6 +58,7 @@ public class JdbcAuthenticationRealm extends DefaultJdbcAuthenticationRealm {
    	this.loginService = loginService;
    	this.loginHistoryService = loginHistoryService;
    	this.remeberMeService = remeberMeService;
+    	 this.userInfoService = userInfoService;
        this.jdbcTemplate = jdbcTemplate;
    }
    
@@ -66,6 +69,7 @@ public class JdbcAuthenticationRealm extends DefaultJdbcAuthenticationRealm {
    		LoginService loginService,
    		LoginHistoryService loginHistoryService,
    		AbstractRemeberMeService remeberMeService,
+    		UserInfoService userInfoService,
    	    JdbcTemplate jdbcTemplate,
    	    AbstractAuthenticationRealm ldapAuthenticationRealm,
    	    boolean ldapSupport
@@ -78,6 +82,7 @@ public class JdbcAuthenticationRealm extends DefaultJdbcAuthenticationRealm {
    	this.remeberMeService = remeberMeService;
        this.jdbcTemplate = jdbcTemplate;
        this.ldapAuthenticationRealm = ldapAuthenticationRealm;
+        this.userInfoService = userInfoService;
        this.ldapSupport = ldapSupport;
    }