feat(X-Pack): 认证设置新增 SAML2

2026-05-14 04:12:11 +08:00 · 2025-09-23 17:39:27 +08:00
parent 7d4241b81d
commit a85df0513f
7 changed files with 64 additions and 2 deletions
--- a/core/core-frontend/src/assets/svg/logo_saml.svg
+++ b/core/core-frontend/src/assets/svg/logo_saml.svg
@@ -0,0 +1 @@
+<?xml version="1.0" standalone="no"?><!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd"><svg t="1758525435141" class="icon" viewBox="0 0 1024 1024" version="1.1" xmlns="http://www.w3.org/2000/svg" p-id="9077" xmlns:xlink="http://www.w3.org/1999/xlink" width="256" height="256"><path d="M155 487.3c-34.6-8.5-40-13.3-40-28.8 0-19.8 11.5-25.2 38-25.2 19.8 0 46.9 4.4 58.4 8.5v-42.5c-12.5-4.4-33.9-8.5-60.4-8.5-54.7 0-86.3 19-86.3 69 0 42.1 14.6 56 64.8 67.9 36.1 8.8 42.8 15.2 42.8 33.3 0 21.1-10.3 28.2-41.5 28.2-24.1 0-51.5-4.4-66.5-9.6v45.2c14.2 4.1 41.1 8.5 68.6 8.5 64.8 0 90.6-24.8 90.6-70.9 0.1-44.2-12.1-61.3-68.5-75.1zM331 394.1l-87.9 235.7h53.6l20.4-58.4h95.7l20 58.4h54.6l-87.3-235.7H331z m1.3 134.5l31.2-89.4h4.1l30.6 89.4h-65.9zM680 394.2L639.2 527h-2.1l-39-132.8h-83.8v235.7h50.3V444.4h2.1l44.8 140.9h51.7l45.5-140.9h2.1v185.4h50.7V394.2zM865.8 585V394.1h-51.6v235.7h145.4V585z" p-id="9078" fill="#3370ff"></path></svg>
--- a/core/core-frontend/src/locales/zh-CN.ts
+++ b/core/core-frontend/src/locales/zh-CN.ts
@@ -679,7 +679,10 @@ export default {
    sub_area_tip: '请选择省份或直辖市',
    delete_custom_area_tip: '该操作会导致使用了自定义区域的地图无法正常展示，确定删除？',
    please_select_area: '请选择区域',
-    delete_custom_sub_area_tip: '确定删除该自定义区域？'
+    delete_custom_sub_area_tip: '确定删除该自定义区域？',
+    saml: {
+      title: 'SAML2 设置'
+    }
  },
  components: {
    dashboard_style: '仪表板风格',
--- a/sdk/api/api-base/pom.xml
+++ b/sdk/api/api-base/pom.xml
@@ -11,4 +11,4 @@

    <artifactId>api-base</artifactId>

-</project>
+</project>
--- a/sdk/api/api-base/src/main/java/io/dataease/api/xpack/settings/XpackAuthenticationApi.java
+++ b/sdk/api/api-base/src/main/java/io/dataease/api/xpack/settings/XpackAuthenticationApi.java
@@ -41,6 +41,14 @@ public interface XpackAuthenticationApi {
    @PostMapping("/save/oauth2")
    String saveOauth2(@RequestBody XpackOauth2VO editor);

+    @Operation(summary = "保存SAML2")
+    @PostMapping("/save/saml")
+    String saveSaml2(@RequestBody XpackSaml2VO editor);
+
+    @Operation(summary = "SAML2信息")
+    @GetMapping("/info/saml")
+    XpackSaml2VO samlInfo();
+
    @Operation(summary = "OIDC信息")
    @GetMapping("/info/oidc")
    XpackOidcVO oidcInfo();
--- a/sdk/api/api-base/src/main/java/io/dataease/api/xpack/settings/XpackSaml2Api.java
+++ b/sdk/api/api-base/src/main/java/io/dataease/api/xpack/settings/XpackSaml2Api.java
@@ -0,0 +1,17 @@
+package io.dataease.api.xpack.settings;
+
+import com.github.xiaoymin.knife4j.annotations.ApiSupport;
+import io.swagger.v3.oas.annotations.tags.Tag;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PostMapping;
+
+@Tag(name = "Saml2认证")
+@ApiSupport(order = 899)
+public interface XpackSaml2Api {
+
+    @GetMapping("/login")
+    void saml2Login();
+
+    @PostMapping("/sso")
+    void saml2Callback() throws Exception;
+}
--- a/sdk/api/api-base/src/main/java/io/dataease/api/xpack/settings/vo/XpackSaml2VO.java
+++ b/sdk/api/api-base/src/main/java/io/dataease/api/xpack/settings/vo/XpackSaml2VO.java
@@ -0,0 +1,32 @@
+package io.dataease.api.xpack.settings.vo;
+
+import com.fasterxml.jackson.annotation.JsonIgnore;
+import lombok.Data;
+
+import java.io.Serializable;
+import java.security.PrivateKey;
+import java.security.cert.X509Certificate;
+
+@Data
+public class XpackSaml2VO implements Serializable {
+
+    private String spEntityId;
+    private String spAcs;
+
+    private String idpSsoUrl;
+    private String idpEntityId;
+    private String idpLogoutUrl;
+
+
+    @JsonIgnore
+    private PrivateKey spPrivateKey;
+    @JsonIgnore
+    private X509Certificate spCertificate;
+    @JsonIgnore
+    private X509Certificate idpCertificate;
+
+    private int assertionValidityTime = 300; // 5分钟
+    private boolean wantAssertionsSigned = true;
+    private boolean wantAuthnRequestsSigned = true;
+
+}
--- a/sdk/common/src/main/java/io/dataease/utils/WhitelistUtils.java
+++ b/sdk/common/src/main/java/io/dataease/utils/WhitelistUtils.java
@@ -88,6 +88,7 @@ public class WhitelistUtils {
                || StringUtils.startsWithAny(requestURI, "/exportCenter/download")
                || StringUtils.startsWithAny(requestURI, "/i18n/")
                || StringUtils.startsWithAny(requestURI, "/communicate/image/")
+                || StringUtils.startsWithAny(requestURI, "/saml/")
                || StringUtils.startsWithAny(requestURI, "/communicate/down/");
    }
				`@@ -0,0 +1 @@`
				<?xml version="1.0" standalone="no"?><!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd"><svg t="1758525435141" class="icon" viewBox="0 0 1024 1024" version="1.1" xmlns="http://www.w3.org/2000/svg" p-id="9077" xmlns:xlink="http://www.w3.org/1999/xlink" width="256" height="256"><path d="M155 487.3c-34.6-8.5-40-13.3-40-28.8 0-19.8 11.5-25.2 38-25.2 19.8 0 46.9 4.4 58.4 8.5v-42.5c-12.5-4.4-33.9-8.5-60.4-8.5-54.7 0-86.3 19-86.3 69 0 42.1 14.6 56 64.8 67.9 36.1 8.8 42.8 15.2 42.8 33.3 0 21.1-10.3 28.2-41.5 28.2-24.1 0-51.5-4.4-66.5-9.6v45.2c14.2 4.1 41.1 8.5 68.6 8.5 64.8 0 90.6-24.8 90.6-70.9 0.1-44.2-12.1-61.3-68.5-75.1zM331 394.1l-87.9 235.7h53.6l20.4-58.4h95.7l20 58.4h54.6l-87.3-235.7H331z m1.3 134.5l31.2-89.4h4.1l30.6 89.4h-65.9zM680 394.2L639.2 527h-2.1l-39-132.8h-83.8v235.7h50.3V444.4h2.1l44.8 140.9h51.7l45.5-140.9h2.1v185.4h50.7V394.2zM865.8 585V394.1h-51.6v235.7h145.4V585z" p-id="9078" fill="#3370ff"></path></svg>