From 237ec647878fadd60315be88ec1be07b701497de Mon Sep 17 00:00:00 2001
From: MaxKey
Date: Fri, 26 Mar 2021 20:04:25 +0800
Subject: [PATCH] =?UTF-8?q?openldap,activedirectory=E5=AF=86=E7=A0=81?=
 =?UTF-8?q?=E9=AA=8C=E8=AF=81=E6=94=AF=E6=8C=81?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

openldap,activedirectory密码验证支持,需要先完成用户同步
---
 .../realm/AbstractAuthenticationRealm.java | 6 ++
 .../jdbc/DefaultJdbcAuthenticationRealm.java | 10 +-
 .../realm/jdbc/JdbcAuthenticationRealm.java | 23 +++++
 .../maxkey/authn/realm/ldap/LdapServer.java | 4 +-
 .../maxkey/persistence/ldap/LdapUtils.java | 6 +-
 .../main/java/org/maxkey/MaxKeyConfig.java | 99 +++++++++++--------
 .../resources/application-http.properties | 18 +++-
 .../resources/application-https.properties | 18 ++++
 8 files changed, 136 insertions(+), 48 deletions(-)

diff --git a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/realm/AbstractAuthenticationRealm.java b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/realm/AbstractAuthenticationRealm.java
index 2348ffa64..d240253f4 100644
--- a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/realm/AbstractAuthenticationRealm.java
+++ b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/realm/AbstractAuthenticationRealm.java
@@ -54,6 +54,12 @@ public abstract class AbstractAuthenticationRealm {
 protected LoginHistoryService loginHistoryService;
 protected AbstractRemeberMeService remeberMeService;
+
+ protected boolean ldapSupport;
+
+ protected AbstractAuthenticationRealm ldapAuthenticationRealm;
+
+
 /**
 *
diff --git a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/realm/jdbc/DefaultJdbcAuthenticationRealm.java b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/realm/jdbc/DefaultJdbcAuthenticationRealm.java
index 575b30238..68e74addb 100644
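Review bot: The two new protected fields are undocumented, and because the delegate is typed as the abstract base itself, a reader of this class cannot tell when it is set or who consults it. Add `/** When true, password verification is delegated to ldapAuthenticationRealm instead of the locally stored hash. */` above `ldapSupport` and `/** LDAP/AD realm used for password verification; expected to be non-null only when ldapSupport is true. */` above `ldapAuthenticationRealm`, which matches the factory in MaxKeyConfig returning null for the disabled case. The class body continues outside the hunk.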
--- a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/realm/jdbc/DefaultJdbcAuthenticationRealm.java
+++ b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/realm/jdbc/DefaultJdbcAuthenticationRealm.java
@@ -53,9 +53,13 @@ public class DefaultJdbcAuthenticationRealm extends AbstractAuthenticationRealm
 */
 public boolean passwordMatches(UserInfo userInfo, String password) {
 boolean passwordMatches = false;
- _logger.info("password : "
- + PasswordReciprocal.getInstance().rawPassword(userInfo.getUsername(), password));
- passwordMatches = passwordEncoder.matches(password,userInfo.getPassword());
+ if(ldapSupport) {
+ passwordMatches =this.ldapAuthenticationRealm.passwordMatches(userInfo, password);
+ }else {
+ _logger.debug("password : "
+ + PasswordReciprocal.getInstance().rawPassword(userInfo.getUsername(), password));
+ passwordMatches = passwordEncoder.matches(password,userInfo.getPassword());
+ }
 _logger.debug("passwordvalid : " + passwordMatches);
 if (!passwordMatches) {
 passwordPolicyValidator.setBadPasswordCount(userInfo);
diff --git a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/realm/jdbc/JdbcAuthenticationRealm.java b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/realm/jdbc/JdbcAuthenticationRealm.java
index a3f3daacd..fcc35e2a4 100644
--- a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/realm/jdbc/JdbcAuthenticationRealm.java
+++ b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/realm/jdbc/JdbcAuthenticationRealm.java
@@ -17,6 +17,7 @@ package org.maxkey.authn.realm.jdbc;
+import org.maxkey.authn.realm.AbstractAuthenticationRealm;
 import org.maxkey.authn.support.rememberme.AbstractRemeberMeService;
 import org.maxkey.persistence.db.LoginHistoryService;
 import org.maxkey.persistence.db.LoginService;
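Review bot: The else branch still logs the submitted cleartext password, `_logger.debug("password : " + PasswordReciprocal.getInstance().rawPassword(userInfo.getUsername(), password));`; lowering the level from info to debug does not remove the exposure, because debug logging is exactly what gets switched on while troubleshooting logins, and the log then retains every user's password. Delete those two lines and keep only the `passwordvalid` line that follows. The same point applies to the `SECURITY_CREDENTIALS` trace line in the LdapUtils hunk on L4. A one-line comment at `if(ldapSupport) {` saying that the locally stored hash is not consulted in LDAP mode would also help, since callers of passwordMatches cannot see that; the method continues outside the hunk.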
@@ -59,5 +60,27 @@ public class JdbcAuthenticationRealm extends DefaultJdbcAuthenticationRealm {
 }
+ public JdbcAuthenticationRealm(
+ PasswordEncoder passwordEncoder,
+ PasswordPolicyValidator passwordPolicyValidator,
+ LoginService loginService,
+ LoginHistoryService loginHistoryService,
+ AbstractRemeberMeService remeberMeService,
+ JdbcTemplate jdbcTemplate,
+ AbstractAuthenticationRealm ldapAuthenticationRealm,
+ boolean ldapSupport
+ ) {
+
+ this.passwordEncoder =passwordEncoder;
+ this.passwordPolicyValidator=passwordPolicyValidator;
+ this.loginService = loginService;
+ this.loginHistoryService = loginHistoryService;
+ this.remeberMeService = remeberMeService;
+ this.jdbcTemplate = jdbcTemplate;
+ this.ldapAuthenticationRealm = ldapAuthenticationRealm;
+ this.ldapSupport = ldapSupport;
+ }
+
+
 }
diff --git a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/realm/ldap/LdapServer.java b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/realm/ldap/LdapServer.java
index 8d5a53522..6b4873ae6 100644
--- a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/realm/ldap/LdapServer.java
+++ b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/realm/ldap/LdapServer.java
@@ -46,7 +46,7 @@ public final class LdapServer implements IAuthenticationServer {
 */
 @Override
 public boolean authenticate(String username, String password) {
- String queryFilter = "("+filterAttribute+"="+username+")";
+ String queryFilter = String.format(filterAttribute, username);
 _logger.info(" filter : " + queryFilter);
 String dn="";
 SearchControls constraints = new SearchControls();
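Review bot: The new eight-argument constructor re-assigns the six fields that the existing constructor (whose closing brace is the first context line, body outside the hunk) presumably already sets; if it assigns the same fields, chain to it with `this(passwordEncoder, passwordPolicyValidator, loginService, loginHistoryService, remeberMeService, jdbcTemplate);` and keep only the two new assignments here. The combination of `ldapSupport` true with a null `ldapAuthenticationRealm` is not rejected, and DefaultJdbcAuthenticationRealm.passwordMatches dereferences the delegate unconditionally in that mode, so fail at construction instead: `if (ldapSupport) { Objects.requireNonNull(ldapAuthenticationRealm, "ldapAuthenticationRealm"); }` (java.util.Objects). A constructor Javadoc stating that ldapAuthenticationRealm may be null only when ldapSupport is false would complete the contract.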
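Review bot: `String.format(filterAttribute, username)` places the login name into the LDAP search filter without escaping, so a name containing filter metacharacters (`*`, `(`, `)`, `\`) changes what the directory is asked; the old concatenation had the same gap and the commit replaces it without closing it. Escape the value per RFC 4515 before formatting, as below, and document on the `filter` property that it must contain exactly one `%s`, because `String.format` throws on any other `%` directive in the configured filter. The `_logger.info(" filter : " + queryFilter)` line then records every login name at info level, which is better kept at debug. authenticate continues outside the hunk.
```java
    public boolean authenticate(String username, String password) {
        String queryFilter = String.format(filterAttribute, escapeFilterValue(username));
        // … unchanged: search, dn lookup and bind check …

    // new private helper, placed elsewhere in LdapServer
    /** Escapes a value for use inside an LDAP search filter (RFC 4515 section 3). */
    private static String escapeFilterValue(String value) {
        StringBuilder sb = new StringBuilder(value.length());
        for (char c : value.toCharArray()) {
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }
```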
@@ -69,7 +69,7 @@ public final class LdapServer implements IAuthenticationServer {
 } catch (NamingException e) {
 _logger.error("query throw NamingException:" + e.getMessage());
 } finally {
- ldapUtils.close();
+ //ldapUtils.close();
 }
 LdapUtils ldapPassWordValid=new LdapUtils(ldapUtils.getProviderUrl(),dn,password);
diff --git a/maxkey-core/src/main/java/org/maxkey/persistence/ldap/LdapUtils.java b/maxkey-core/src/main/java/org/maxkey/persistence/ldap/LdapUtils.java
index 6e70e2b31..708486696 100644
--- a/maxkey-core/src/main/java/org/maxkey/persistence/ldap/LdapUtils.java
+++ b/maxkey-core/src/main/java/org/maxkey/persistence/ldap/LdapUtils.java
@@ -101,9 +101,9 @@ public class LdapUtils {
 // connect to ldap server
 public DirContext openConnection() {
- _logger.info("PROVIDER_URL:" + providerUrl);
- _logger.info("SECURITY_PRINCIPAL:" + principal);
- _logger.info("SECURITY_CREDENTIALS:" + credentials);
+ _logger.debug("PROVIDER_URL:" + providerUrl);
+ _logger.debug("SECURITY_PRINCIPAL:" + principal);
+ _logger.trace("SECURITY_CREDENTIALS:" + credentials);
 // LDAP
 Properties props = new Properties();
 props.setProperty(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
diff --git a/maxkey-web-maxkey/src/main/java/org/maxkey/MaxKeyConfig.java b/maxkey-web-maxkey/src/main/java/org/maxkey/MaxKeyConfig.java
index c8d55a842..d31ddfe2f 100644
--- a/maxkey-web-maxkey/src/main/java/org/maxkey/MaxKeyConfig.java
+++ b/maxkey-web-maxkey/src/main/java/org/maxkey/MaxKeyConfig.java
@@ -22,6 +22,7 @@ import java.util.List;
 import org.maxkey.authn.realm.jdbc.JdbcAuthenticationRealm;
 import org.maxkey.authn.realm.ldap.LdapAuthenticationRealm;
 import org.maxkey.authn.realm.ldap.LdapServer;
+import org.maxkey.authn.realm.AbstractAuthenticationRealm;
 import org.maxkey.authn.realm.IAuthenticationServer;
 import org.maxkey.authn.realm.activedirectory.ActiveDirectoryAuthenticationRealm;
 import org.maxkey.authn.realm.activedirectory.ActiveDirectoryServer;
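Review bot: Commenting out `ldapUtils.close();` in the finally block leaves the directory context opened for the user lookup unreleased on every call; presumably the close was dropped because `ldapUtils` is now a long-lived object built once in MaxKeyConfig and closing it would break the next login, but then one JNDI context is shared by concurrent logins, and JNDI contexts are not guaranteed safe for concurrent use. Keep `ldapUtils.close();` and let `openConnection()` reconnect, or open a per-call context for the search. Separately, `dn` starts as `""` in the previous hunk and is passed straight into `new LdapUtils(ldapUtils.getProviderUrl(),dn,password)` on the last context line, so a lookup that finds no entry (or throws) still attempts a bind with an empty name rather than failing; unless code after the hunk already rejects this, add `if (dn.isEmpty()) { return false; }` before that line. The rest of authenticate is outside the hunk.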
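Review bot: `_logger.trace("SECURITY_CREDENTIALS:" + credentials);` still writes the directory bind password in cleartext whenever trace is enabled for this class; moving it from info to trace narrows the window but does not take the secret out of the logs, and diagnosing a failed connection does not need it. Delete that line and keep the URL and principal lines. openConnection() continues outside the hunk.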
@@ -45,7 +46,6 @@ import org.maxkey.persistence.db.PasswordPolicyValidator;
 import org.maxkey.persistence.ldap.ActiveDirectoryUtils;
 import org.maxkey.persistence.ldap.LdapUtils;
 import org.maxkey.persistence.redis.RedisConnectionFactory;
-import org.mybatis.spring.annotation.MapperScan;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.InitializingBean;
@@ -104,6 +104,48 @@ public class MaxKeyConfig implements InitializingBean {
 return keyUriFormat;
 }
+ public AbstractAuthenticationRealm ldapAuthenticationRealm(
+ boolean ldapSupport,
+ boolean ldapJit,
+ String providerUrl,
+ String principal,
+ String credentials,
+ String filter,
+ String baseDN,
+ String domain,
+ String product,
+ JdbcTemplate jdbcTemplate) {
+
+ AbstractAuthenticationRealm authenticationRealm =null;
+ if(ldapSupport) {
+ if(product.equalsIgnoreCase("activedirectory")) {
+ ActiveDirectoryAuthenticationRealm activeDirectoryAuthenticationRealm = new ActiveDirectoryAuthenticationRealm(jdbcTemplate);
+ ActiveDirectoryServer ldapServer=new ActiveDirectoryServer();
+ ActiveDirectoryUtils ldapUtils = new ActiveDirectoryUtils(providerUrl,principal,credentials,domain);
+ ldapServer.setActiveDirectoryUtils(ldapUtils);
+
+ List ldapServers = new ArrayList();
+ ldapServers.add(ldapServer);
+ activeDirectoryAuthenticationRealm.setActiveDirectoryServers(ldapServers);
+ authenticationRealm = activeDirectoryAuthenticationRealm;
+ _logger.debug("ActiveDirectoryAuthenticationRealm inited.");
+ }else {
+ LdapAuthenticationRealm ldapAuthenticationRealm = new LdapAuthenticationRealm(jdbcTemplate);
+ LdapServer ldapServer=new LdapServer();
+ LdapUtils ldapUtils = new LdapUtils(providerUrl,principal,credentials,baseDN);
+ ldapServer.setLdapUtils(ldapUtils);
+ ldapServer.setFilterAttribute(filter);
+ List ldapServers = new ArrayList();
+ ldapServers.add(ldapServer);
+ ldapAuthenticationRealm.setLdapServers(ldapServers);
+ authenticationRealm = ldapAuthenticationRealm;
+ _logger.debug("LdapAuthenticationRealm inited.");
+ }
+ }
+ return authenticationRealm;
+
+ }
+ //可以在此实现其他的登陆认证方式,请实现AbstractAuthenticationRealm
 @Bean(name = "authenticationRealm")
 public JdbcAuthenticationRealm authenticationRealm(
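Review bot: Both branches declare the server list with raw types, `List ldapServers = new ArrayList();`, which discards the compiler's check that the realm setters receive the element type they expect; use `List<ActiveDirectoryServer> ldapServers = new ArrayList<>();` and `List<LdapServer> ldapServers = new ArrayList<>();` respectively. `ldapJit` is accepted but never read, so either drop the parameter or add a comment that just-in-time provisioning is not implemented yet. The method also has no Javadoc; it should state that it returns null when `ldapSupport` is false and that any `product` value other than `activedirectory` (compared case-insensitively) is treated as plain LDAP, since the properties hunks list a third value, `normal`, that this code does not distinguish.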
@@ -112,7 +154,16 @@ public class MaxKeyConfig implements InitializingBean {
 LoginService loginService,
 LoginHistoryService loginHistoryService,
 AbstractRemeberMeService remeberMeService,
- JdbcTemplate jdbcTemplate) {
+ JdbcTemplate jdbcTemplate,
+ @Value("${maxkey.support.ldap.enable:false}")boolean ldapSupport,
+ @Value("${maxkey.support.ldap.jit:false}")boolean ldapJit,
+ @Value("${maxkey.support.ldap.providerurl}")String providerUrl,
+ @Value("${maxkey.support.ldap.principal}")String principal,
+ @Value("${maxkey.support.ldap.credentials}")String credentials,
+ @Value("${maxkey.support.ldap.filter}")String filter,
+ @Value("${maxkey.support.ldap.basedn}")String baseDN,
+ @Value("${maxkey.support.ldap.domain}")String domain,
+ @Value("${maxkey.support.ldap.product:openldap}")String product) {
 JdbcAuthenticationRealm authenticationRealm = new JdbcAuthenticationRealm(
 passwordEncoder,
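Review bot: `@Value("${maxkey.support.ldap.domain}")String domain` has no default and does not match the key the two properties hunks (L9, L10) introduce, which is `maxkey.support.ldap.activedirectory.domain`; unless that key is defined somewhere this commit does not touch, Spring will refuse to create the `authenticationRealm` bean at startup because the placeholder cannot be resolved, even with `maxkey.support.ldap.enable=false`. Either rename the property key or read `@Value("${maxkey.support.ldap.activedirectory.domain:}")String domain`. The `providerurl`, `principal`, `credentials`, `filter` and `basedn` placeholders are likewise mandatory with no default, which forces every deployment to carry LDAP settings it does not use; an empty default such as `${maxkey.support.ldap.providerurl:}` preserves the previous behaviour for installations that never enable LDAP. The method body continues in the next hunk.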
@@ -120,48 +171,18 @@ public class MaxKeyConfig implements InitializingBean {
 loginService,
 loginHistoryService,
 remeberMeService,
- jdbcTemplate);
+ jdbcTemplate,
+ ldapAuthenticationRealm(
+ ldapSupport,ldapJit,
+ providerUrl,principal,credentials,
+ filter,baseDN,domain,product,
+ jdbcTemplate),
+ ldapSupport);
 return authenticationRealm;
 }
- //LdapAuthenticationRealm
- public LdapAuthenticationRealm ldapAuthenticationRealm(
- JdbcTemplate jdbcTemplate) {
- LdapAuthenticationRealm authenticationRealm = new LdapAuthenticationRealm(jdbcTemplate);
- LdapServer ldapServer=new LdapServer();
- String providerUrl = "ldap://localhost:389";
- String principal = "cn=root";
- String credentials = "maxkey";
- String baseDN = "dc=maxkey,dc=top";
- LdapUtils ldapUtils = new LdapUtils(providerUrl,principal,credentials,baseDN);
- ldapServer.setLdapUtils(ldapUtils);
- ldapServer.setFilterAttribute("uid");
- List ldapServers = new ArrayList();
- ldapServers.add(ldapServer);
- authenticationRealm.setLdapServers(ldapServers);
- _logger.debug("LdapAuthenticationRealm inited.");
- return authenticationRealm;
- }
- //ActiveDirectoryAuthenticationRealm
- public ActiveDirectoryAuthenticationRealm activeDirectoryAuthenticationRealm(
- JdbcTemplate jdbcTemplate) {
- ActiveDirectoryAuthenticationRealm authenticationRealm = new ActiveDirectoryAuthenticationRealm(jdbcTemplate);
- ActiveDirectoryServer ldapServer=new ActiveDirectoryServer();
- String providerUrl = "ldap://localhost:389";
- String principal = "cn=root";
- String credentials = "maxkey";
- String domain = "maxkey";
- ActiveDirectoryUtils ldapUtils = new ActiveDirectoryUtils(providerUrl,principal,credentials,domain);
- ldapServer.setActiveDirectoryUtils(ldapUtils);
-
- List ldapServers = new ArrayList();
- ldapServers.add(ldapServer);
- authenticationRealm.setActiveDirectoryServers(ldapServers);
- _logger.debug("LdapAuthenticationRealm inited.");
- return authenticationRealm;
- }
 @Bean(name = "timeBasedOtpAuthn")
 public
TimeBasedOtpAuthn timeBasedOtpAuthn() {
diff --git a/maxkey-web-maxkey/src/main/resources/application-http.properties b/maxkey-web-maxkey/src/main/resources/application-http.properties
index 504ede8fd..36308c84c 100644
--- a/maxkey-web-maxkey/src/main/resources/application-http.properties
+++ b/maxkey-web-maxkey/src/main/resources/application-http.properties
@@ -208,7 +208,23 @@ maxkey.support.httpheader.headername=header-user
 ############################################################################
 maxkey.support.basic.enable=false
-
+############################################################################
+# LDAP Login support configuration
+############################################################################
+maxkey.support.ldap.enable=false
+maxkey.support.ldap.jit=false
+#openldap,activedirectory,normal
+maxkey.support.ldap.product=openldap
+maxkey.support.ldap.ssl=false
+maxkey.support.ldap.providerurl=ldap://localhost:389
+maxkey.support.ldap.principal=cn=Manager,dc=maxcrc,dc=com
+maxkey.support.ldap.credentials=secret
+maxkey.support.ldap.basedn=dc=maxcrc,dc=com
+maxkey.support.ldap.filter=(uid=%s)
+maxkey.support.ldap.truststore=maxkey
+maxkey.support.ldap.truststorepassword=maxkey
+#activedirectory effective
+maxkey.support.ldap.activedirectory.domain=MAXKEY.ORG
 #############################################################################
 # WsFederation Login support configuration
 #identifier: the identifer for the ADFS server
diff --git a/maxkey-web-maxkey/src/main/resources/application-https.properties b/maxkey-web-maxkey/src/main/resources/application-https.properties
index 7f63ea56a..d67050a4b 100644
--- a/maxkey-web-maxkey/src/main/resources/application-https.properties
+++ b/maxkey-web-maxkey/src/main/resources/application-https.properties
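Review bot: `maxkey.support.ldap.ssl`, `maxkey.support.ldap.truststore` and `maxkey.support.ldap.truststorepassword` are introduced here (and again in the application-https.properties hunk on L10) but no Java hunk in this commit reads them, so the block advertises LDAPS with a private truststore that the code does not yet provide; either leave them out until they are wired up or mark them `# reserved for LDAPS support, not read yet`. `maxkey.support.ldap.filter=(uid=%s)` is consumed through `String.format` in LdapServer, which a comment should state: `# search filter; %s is replaced with the login name and must appear exactly once`. The `#openldap,activedirectory,normal` comment lists a `normal` value that the configuration code treats the same as `openldap`, and the comment should say so.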
@@ -215,6 +215,24 @@ maxkey.support.httpheader.headername=header-user
 ############################################################################
 maxkey.support.basic.enable=false
+############################################################################
+# LDAP Login support configuration
+############################################################################
+
+maxkey.support.ldap.enable=false
+maxkey.support.ldap.jit=false
+#openldap,activedirectory,normal
+maxkey.support.ldap.product=openldap
+maxkey.support.ldap.ssl=false
+maxkey.support.ldap.providerurl=ldap://localhost:389
+maxkey.support.ldap.principal=cn=Manager,dc=maxcrc,dc=com
+maxkey.support.ldap.credentials=secret
+maxkey.support.ldap.basedn=dc=maxcrc,dc=com
+maxkey.support.ldap.filter=(uid=%s)
+maxkey.support.ldap.truststore=maxkey
+maxkey.support.ldap.truststorepassword=maxkey
+#activedirectory effective
+maxkey.support.ldap.activedirectory.domain=MAXKEY.ORG
 #############################################################################
 # WsFederation Login support configuration