openldap,activedirectory密码验证支持
openldap,activedirectory密码验证支持,需要先完成用户同步
@@ -54,6 +54,12 @@ public abstract class AbstractAuthenticationRealm {
|
||||
protected LoginHistoryService loginHistoryService;
|
||||
|
||||
protected AbstractRemeberMeService remeberMeService;
|
||||
|
||||
protected boolean ldapSupport;
|
||||
|
||||
protected AbstractAuthenticationRealm ldapAuthenticationRealm;
|
||||
|
||||
|
||||
|
||||
/**
|
||||
*
|
||||
|
||||
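Review bot: The two new fields `ldapSupport` and `ldapAuthenticationRealm` on AbstractAuthenticationRealm carry no Javadoc, although they change how every subclass verifies a password (the DefaultJdbcAuthenticationRealm hunk in this commit delegates to `ldapAuthenticationRealm` whenever `ldapSupport` is true and never consults the stored hash). A one-line comment on each would make that contract visible: `/** When true, passwordMatches() is delegated to ldapAuthenticationRealm instead of the stored password hash. */` and `/** Realm used for the delegated bind; may be an OpenLDAP or Active Directory realm, and is only dereferenced when ldapSupport is true. */`. The rest of the class, including any constructor that assigns these fields, is outside the hunk.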
@@ -53,9 +53,13 @@ public class DefaultJdbcAuthenticationRealm extends AbstractAuthenticationRealm
|
||||
*/
|
||||
public boolean passwordMatches(UserInfo userInfo, String password) {
|
||||
boolean passwordMatches = false;
|
||||
_logger.info("password : "
|
||||
+ PasswordReciprocal.getInstance().rawPassword(userInfo.getUsername(), password));
|
||||
passwordMatches = passwordEncoder.matches(password,userInfo.getPassword());
|
||||
if(ldapSupport) {
|
||||
passwordMatches =this.ldapAuthenticationRealm.passwordMatches(userInfo, password);
|
||||
}else {
|
||||
_logger.debug("password : "
|
||||
+ PasswordReciprocal.getInstance().rawPassword(userInfo.getUsername(), password));
|
||||
passwordMatches = passwordEncoder.matches(password,userInfo.getPassword());
|
||||
}
|
||||
_logger.debug("passwordvalid : " + passwordMatches);
|
||||
if (!passwordMatches) {
|
||||
passwordPolicyValidator.setBadPasswordCount(userInfo);
|
||||
|
||||
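Review bot: The non-LDAP branch still writes the user's plaintext password to the log via `_logger.debug("password : " + PasswordReciprocal.getInstance().rawPassword(userInfo.getUsername(), password));` — moving the line from info to debug does not remove the credential leak, it only makes it depend on the logger configuration, and the `rawPassword(...)` call exists solely to recover the cleartext for that message. Both the logging line and the reciprocal call should be deleted; `passwordMatches = passwordEncoder.matches(password, userInfo.getPassword());` is all the branch needs. Note also that `_logger.debug("passwordvalid : " + passwordMatches);` is fine, but the username would be more useful context than the outcome alone. The remainder of passwordMatches, including the bad-password-count handling, continues outside the hunk.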
@@ -17,6 +17,7 @@
|
||||
|
||||
package org.maxkey.authn.realm.jdbc;
|
||||
|
||||
import org.maxkey.authn.realm.AbstractAuthenticationRealm;
|
||||
import org.maxkey.authn.support.rememberme.AbstractRemeberMeService;
|
||||
import org.maxkey.persistence.db.LoginHistoryService;
|
||||
import org.maxkey.persistence.db.LoginService;
|
||||
@@ -59,5 +60,27 @@ public class JdbcAuthenticationRealm extends DefaultJdbcAuthenticationRealm {
|
||||
}
|
||||
|
||||
|
||||
public JdbcAuthenticationRealm(
|
||||
PasswordEncoder passwordEncoder,
|
||||
PasswordPolicyValidator passwordPolicyValidator,
|
||||
LoginService loginService,
|
||||
LoginHistoryService loginHistoryService,
|
||||
AbstractRemeberMeService remeberMeService,
|
||||
JdbcTemplate jdbcTemplate,
|
||||
AbstractAuthenticationRealm ldapAuthenticationRealm,
|
||||
boolean ldapSupport
|
||||
) {
|
||||
|
||||
this.passwordEncoder =passwordEncoder;
|
||||
this.passwordPolicyValidator=passwordPolicyValidator;
|
||||
this.loginService = loginService;
|
||||
this.loginHistoryService = loginHistoryService;
|
||||
this.remeberMeService = remeberMeService;
|
||||
this.jdbcTemplate = jdbcTemplate;
|
||||
this.ldapAuthenticationRealm = ldapAuthenticationRealm;
|
||||
this.ldapSupport = ldapSupport;
|
||||
}
|
||||
|
||||
|
||||
|
||||
}
|
||||
|
||||
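Review bot: The new JdbcAuthenticationRealm constructor stores `ldapAuthenticationRealm` without checking it when `ldapSupport` is true, and the inherited passwordMatches (visible in this commit's DefaultJdbcAuthenticationRealm hunk) dereferences it unconditionally in that case, so a misconfiguration surfaces as a NullPointerException during a login attempt rather than at startup. A guard in the constructor makes the failure early and explicit: `if (ldapSupport) { Objects.requireNonNull(ldapAuthenticationRealm, "ldapAuthenticationRealm is required when ldapSupport is true"); }`. The older constructor with the shorter parameter list appears to be retained above this hunk (its closing brace is the first context line), so callers of that one will get `ldapSupport == false` by default, which is consistent with the delegation check.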
@@ -46,7 +46,7 @@ public final class LdapServer implements IAuthenticationServer {
|
||||
*/
|
||||
@Override
|
||||
public boolean authenticate(String username, String password) {
|
||||
String queryFilter = "("+filterAttribute+"="+username+")";
|
||||
String queryFilter = String.format(filterAttribute, username);
|
||||
_logger.info(" filter : " + queryFilter);
|
||||
String dn="";
|
||||
SearchControls constraints = new SearchControls();
|
||||
@@ -69,7 +69,7 @@ public final class LdapServer implements IAuthenticationServer {
|
||||
} catch (NamingException e) {
|
||||
_logger.error("query throw NamingException:" + e.getMessage());
|
||||
} finally {
|
||||
ldapUtils.close();
|
||||
//ldapUtils.close();
|
||||
}
|
||||
|
||||
LdapUtils ldapPassWordValid=new LdapUtils(ldapUtils.getProviderUrl(),dn,password);
|
||||
|
||||
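Review bot: In `authenticate`, the username is inserted into the LDAP search filter unescaped — `String.format(filterAttribute, username)` has the same shape as the concatenation it replaces — so a value containing `*`, `(`, `)` or `\` changes the filter's structure instead of being matched literally; the value should be escaped per RFC 4515 before formatting, as in the helper below. Two further points depend on code outside the hunk and should be confirmed: `dn` is initialised to `""` and a bind is attempted on it after the search (`new LdapUtils(ldapUtils.getProviderUrl(), dn, password)`), so unless the code below already rejects an empty dn or an empty password, an LDAP server that permits anonymous or unauthenticated binds could report the bind as successful — a guard such as `if (dn.isEmpty() || password == null || password.isEmpty()) { return false; }` before that line closes the gap. In the second hunk the `ldapUtils.close();` in the `finally` block appears to have been commented out, presumably because `ldapUtils.getProviderUrl()` is still needed afterwards; if so, the search context now stays open, and the URL should be read before closing instead.
```java
String queryFilter = String.format(filterAttribute, escapeFilterValue(username));
// … unchanged: search for the entry, resolve dn, bind with the supplied password …

// … new private helper, placed after authenticate() …
/** Escapes the RFC 4515 special characters so a value cannot alter the filter structure. */
private static String escapeFilterValue(String value) {
    StringBuilder sb = new StringBuilder(value.length());
    for (char c : value.toCharArray()) {
        switch (c) {
            case '\\': sb.append("\\5c"); break;
            case '*':  sb.append("\\2a"); break;
            case '(':  sb.append("\\28"); break;
            case ')':  sb.append("\\29"); break;
            case '\0': sb.append("\\00"); break;
            default:   sb.append(c);
        }
    }
    return sb.toString();
}
```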
@@ -101,9 +101,9 @@ public class LdapUtils {
|
||||
|
||||
// connect to ldap server
|
||||
public DirContext openConnection() {
|
||||
_logger.info("PROVIDER_URL:" + providerUrl);
|
||||
_logger.info("SECURITY_PRINCIPAL:" + principal);
|
||||
_logger.info("SECURITY_CREDENTIALS:" + credentials);
|
||||
_logger.debug("PROVIDER_URL:" + providerUrl);
|
||||
_logger.debug("SECURITY_PRINCIPAL:" + principal);
|
||||
_logger.trace("SECURITY_CREDENTIALS:" + credentials);
|
||||
// LDAP
|
||||
Properties props = new Properties();
|
||||
props.setProperty(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
|
||||
|
||||
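Review bot: `openConnection` still logs the bind password, now via `_logger.trace("SECURITY_CREDENTIALS:" + credentials);` — lowering the level from info to trace does not stop the service-account secret from landing in the log file whenever trace is enabled, and logs are routinely shipped to systems with a wider audience than the configuration. Log presence, not the value: `_logger.trace("SECURITY_CREDENTIALS: " + ((credentials == null || credentials.isEmpty()) ? "<empty>" : "<set>"));`. The provider URL and principal at debug level are reasonable to keep. The rest of the method, where the connection is actually opened, is outside the hunk.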
@@ -22,6 +22,7 @@ import java.util.List;
|
||||
import org.maxkey.authn.realm.jdbc.JdbcAuthenticationRealm;
|
||||
import org.maxkey.authn.realm.ldap.LdapAuthenticationRealm;
|
||||
import org.maxkey.authn.realm.ldap.LdapServer;
|
||||
import org.maxkey.authn.realm.AbstractAuthenticationRealm;
|
||||
import org.maxkey.authn.realm.IAuthenticationServer;
|
||||
import org.maxkey.authn.realm.activedirectory.ActiveDirectoryAuthenticationRealm;
|
||||
import org.maxkey.authn.realm.activedirectory.ActiveDirectoryServer;
|
||||
@@ -45,7 +46,6 @@ import org.maxkey.persistence.db.PasswordPolicyValidator;
|
||||
import org.maxkey.persistence.ldap.ActiveDirectoryUtils;
|
||||
import org.maxkey.persistence.ldap.LdapUtils;
|
||||
import org.maxkey.persistence.redis.RedisConnectionFactory;
|
||||
import org.mybatis.spring.annotation.MapperScan;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import org.springframework.beans.factory.InitializingBean;
|
||||
@@ -104,6 +104,48 @@ public class MaxKeyConfig implements InitializingBean {
|
||||
return keyUriFormat;
|
||||
}
|
||||
|
||||
public AbstractAuthenticationRealm ldapAuthenticationRealm(
|
||||
boolean ldapSupport,
|
||||
boolean ldapJit,
|
||||
String providerUrl,
|
||||
String principal,
|
||||
String credentials,
|
||||
String filter,
|
||||
String baseDN,
|
||||
String domain,
|
||||
String product,
|
||||
JdbcTemplate jdbcTemplate) {
|
||||
|
||||
AbstractAuthenticationRealm authenticationRealm =null;
|
||||
if(ldapSupport) {
|
||||
if(product.equalsIgnoreCase("activedirectory")) {
|
||||
ActiveDirectoryAuthenticationRealm activeDirectoryAuthenticationRealm = new ActiveDirectoryAuthenticationRealm(jdbcTemplate);
|
||||
ActiveDirectoryServer ldapServer=new ActiveDirectoryServer();
|
||||
ActiveDirectoryUtils ldapUtils = new ActiveDirectoryUtils(providerUrl,principal,credentials,domain);
|
||||
ldapServer.setActiveDirectoryUtils(ldapUtils);
|
||||
|
||||
List<IAuthenticationServer> ldapServers = new ArrayList<IAuthenticationServer>();
|
||||
ldapServers.add(ldapServer);
|
||||
activeDirectoryAuthenticationRealm.setActiveDirectoryServers(ldapServers);
|
||||
authenticationRealm = activeDirectoryAuthenticationRealm;
|
||||
_logger.debug("ActiveDirectoryAuthenticationRealm inited.");
|
||||
}else {
|
||||
LdapAuthenticationRealm ldapAuthenticationRealm = new LdapAuthenticationRealm(jdbcTemplate);
|
||||
LdapServer ldapServer=new LdapServer();
|
||||
LdapUtils ldapUtils = new LdapUtils(providerUrl,principal,credentials,baseDN);
|
||||
ldapServer.setLdapUtils(ldapUtils);
|
||||
ldapServer.setFilterAttribute(filter);
|
||||
List<IAuthenticationServer> ldapServers = new ArrayList<IAuthenticationServer>();
|
||||
ldapServers.add(ldapServer);
|
||||
ldapAuthenticationRealm.setLdapServers(ldapServers);
|
||||
authenticationRealm = ldapAuthenticationRealm;
|
||||
_logger.debug("LdapAuthenticationRealm inited.");
|
||||
}
|
||||
}
|
||||
return authenticationRealm;
|
||||
|
||||
}
|
||||
|
||||
//可以在此实现其他的登陆认证方式,请实现AbstractAuthenticationRealm
|
||||
@Bean(name = "authenticationRealm")
|
||||
public JdbcAuthenticationRealm authenticationRealm(
|
||||
@@ -112,7 +154,16 @@ public class MaxKeyConfig implements InitializingBean {
|
||||
LoginService loginService,
|
||||
LoginHistoryService loginHistoryService,
|
||||
AbstractRemeberMeService remeberMeService,
|
||||
JdbcTemplate jdbcTemplate) {
|
||||
JdbcTemplate jdbcTemplate,
|
||||
@Value("${maxkey.support.ldap.enable:false}")boolean ldapSupport,
|
||||
@Value("${maxkey.support.ldap.jit:false}")boolean ldapJit,
|
||||
@Value("${maxkey.support.ldap.providerurl}")String providerUrl,
|
||||
@Value("${maxkey.support.ldap.principal}")String principal,
|
||||
@Value("${maxkey.support.ldap.credentials}")String credentials,
|
||||
@Value("${maxkey.support.ldap.filter}")String filter,
|
||||
@Value("${maxkey.support.ldap.basedn}")String baseDN,
|
||||
@Value("${maxkey.support.ldap.domain}")String domain,
|
||||
@Value("${maxkey.support.ldap.product:openldap}")String product) {
|
||||
|
||||
JdbcAuthenticationRealm authenticationRealm = new JdbcAuthenticationRealm(
|
||||
passwordEncoder,
|
||||
@@ -120,48 +171,18 @@ public class MaxKeyConfig implements InitializingBean {
|
||||
loginService,
|
||||
loginHistoryService,
|
||||
remeberMeService,
|
||||
jdbcTemplate);
|
||||
jdbcTemplate,
|
||||
ldapAuthenticationRealm(
|
||||
ldapSupport,ldapJit,
|
||||
providerUrl,principal,credentials,
|
||||
filter,baseDN,domain,product,
|
||||
jdbcTemplate),
|
||||
ldapSupport);
|
||||
|
||||
return authenticationRealm;
|
||||
}
|
||||
|
||||
//LdapAuthenticationRealm
|
||||
public LdapAuthenticationRealm ldapAuthenticationRealm(
|
||||
JdbcTemplate jdbcTemplate) {
|
||||
LdapAuthenticationRealm authenticationRealm = new LdapAuthenticationRealm(jdbcTemplate);
|
||||
LdapServer ldapServer=new LdapServer();
|
||||
String providerUrl = "ldap://localhost:389";
|
||||
String principal = "cn=root";
|
||||
String credentials = "maxkey";
|
||||
String baseDN = "dc=maxkey,dc=top";
|
||||
LdapUtils ldapUtils = new LdapUtils(providerUrl,principal,credentials,baseDN);
|
||||
ldapServer.setLdapUtils(ldapUtils);
|
||||
ldapServer.setFilterAttribute("uid");
|
||||
List<IAuthenticationServer> ldapServers = new ArrayList<IAuthenticationServer>();
|
||||
ldapServers.add(ldapServer);
|
||||
authenticationRealm.setLdapServers(ldapServers);
|
||||
_logger.debug("LdapAuthenticationRealm inited.");
|
||||
return authenticationRealm;
|
||||
}
|
||||
|
||||
//ActiveDirectoryAuthenticationRealm
|
||||
public ActiveDirectoryAuthenticationRealm activeDirectoryAuthenticationRealm(
|
||||
JdbcTemplate jdbcTemplate) {
|
||||
ActiveDirectoryAuthenticationRealm authenticationRealm = new ActiveDirectoryAuthenticationRealm(jdbcTemplate);
|
||||
ActiveDirectoryServer ldapServer=new ActiveDirectoryServer();
|
||||
String providerUrl = "ldap://localhost:389";
|
||||
String principal = "cn=root";
|
||||
String credentials = "maxkey";
|
||||
String domain = "maxkey";
|
||||
ActiveDirectoryUtils ldapUtils = new ActiveDirectoryUtils(providerUrl,principal,credentials,domain);
|
||||
ldapServer.setActiveDirectoryUtils(ldapUtils);
|
||||
|
||||
List<IAuthenticationServer> ldapServers = new ArrayList<IAuthenticationServer>();
|
||||
ldapServers.add(ldapServer);
|
||||
authenticationRealm.setActiveDirectoryServers(ldapServers);
|
||||
_logger.debug("LdapAuthenticationRealm inited.");
|
||||
return authenticationRealm;
|
||||
}
|
||||
|
||||
@Bean(name = "timeBasedOtpAuthn")
|
||||
public TimeBasedOtpAuthn timeBasedOtpAuthn() {
|
||||
|
||||
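Review bot: The `authenticationRealm` bean reads `@Value("${maxkey.support.ldap.domain}")String domain,` with no default, but the property added in both application.properties hunks of this commit is `maxkey.support.ldap.activedirectory.domain`; unless the shorter key is defined elsewhere, placeholder resolution fails and the context will not start even with LDAP disabled. Either rename the property or use `@Value("${maxkey.support.ldap.activedirectory.domain:}")String domain,` so the AD-only value is optional. In `ldapAuthenticationRealm(...)`, the `ldapJit` parameter is accepted but never used, and `product.equalsIgnoreCase("activedirectory")` treats every other value (including the `normal` listed in the properties comment) as OpenLDAP — a comment stating that, or an explicit check, would avoid surprises. The `maxkey.support.ldap.ssl`, `truststore` and `truststorepassword` properties are introduced in this commit but nothing in these hunks reads them, so as far as is visible here the bind goes to `providerUrl` as written, and the user's password with it; confirm LdapUtils consumes them or the settings are dead.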
@@ -208,7 +208,23 @@ maxkey.support.httpheader.headername=header-user
|
||||
############################################################################
|
||||
|
||||
maxkey.support.basic.enable=false
|
||||
|
||||
############################################################################
|
||||
# LDAP Login support configuration
|
||||
############################################################################
|
||||
maxkey.support.ldap.enable=false
|
||||
maxkey.support.ldap.jit=false
|
||||
#openldap,activedirectory,normal
|
||||
maxkey.support.ldap.product=openldap
|
||||
maxkey.support.ldap.ssl=false
|
||||
maxkey.support.ldap.providerurl=ldap://localhost:389
|
||||
maxkey.support.ldap.principal=cn=Manager,dc=maxcrc,dc=com
|
||||
maxkey.support.ldap.credentials=secret
|
||||
maxkey.support.ldap.basedn=dc=maxcrc,dc=com
|
||||
maxkey.support.ldap.filter=(uid=%s)
|
||||
maxkey.support.ldap.truststore=maxkey
|
||||
maxkey.support.ldap.truststorepassword=maxkey
|
||||
#activedirectory effective
|
||||
maxkey.support.ldap.activedirectory.domain=MAXKEY.ORG
|
||||
#############################################################################
|
||||
# WsFederation Login support configuration
|
||||
#identifier: the identifer for the ADFS server
|
||||
|
||||
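Review bot: The new LDAP block ships `maxkey.support.ldap.credentials=secret` and `maxkey.support.ldap.truststorepassword=maxkey` as literal values in a committed properties file, and the second application.properties hunk below repeats them; placeholder or not, values in this position tend to reach production unchanged. A comment above the block should say so and point to the override mechanism, e.g. `# credentials and truststorepassword are placeholders: supply real values via environment/external config, never commit them`. With `maxkey.support.ldap.ssl=false` and a plain `ldap://` provider URL, every user bind carries the password unencrypted, so the comment should also note that `ldaps://` or `ssl=true` is expected outside local testing. The `#openldap,activedirectory,normal` comment lists a `normal` value that the MaxKeyConfig hunk in this commit does not distinguish from openldap.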
@@ -215,6 +215,24 @@ maxkey.support.httpheader.headername=header-user
|
||||
############################################################################
|
||||
|
||||
maxkey.support.basic.enable=false
|
||||
############################################################################
|
||||
# LDAP Login support configuration
|
||||
############################################################################
|
||||
|
||||
maxkey.support.ldap.enable=false
|
||||
maxkey.support.ldap.jit=false
|
||||
#openldap,activedirectory,normal
|
||||
maxkey.support.ldap.product=openldap
|
||||
maxkey.support.ldap.ssl=false
|
||||
maxkey.support.ldap.providerurl=ldap://localhost:389
|
||||
maxkey.support.ldap.principal=cn=Manager,dc=maxcrc,dc=com
|
||||
maxkey.support.ldap.credentials=secret
|
||||
maxkey.support.ldap.basedn=dc=maxcrc,dc=com
|
||||
maxkey.support.ldap.filter=(uid=%s)
|
||||
maxkey.support.ldap.truststore=maxkey
|
||||
maxkey.support.ldap.truststorepassword=maxkey
|
||||
#activedirectory effective
|
||||
maxkey.support.ldap.activedirectory.domain=MAXKEY.ORG
|
||||
|
||||
#############################################################################
|
||||
# WsFederation Login support configuration
|
||||
|
||||