From e49938ca1eaa6d8a00e8ce86f5f8c8ea264bc133 Mon Sep 17 00:00:00 2001
From: fit2cloud-chenyw
Date: Sun, 28 Sep 2025 16:46:20 +0800
Subject: [PATCH] =?UTF-8?q?perf(X-Pack):=20=E5=AE=8C=E5=96=84=20SAML2=20?= =?UTF-8?q?=E5=AF=B9=E6=8E=A5=E7=AD=BE=E5=90=8D=E8=BF=87=E7=A8=8B?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../assets/svg/icon_file_pem_colorfull.svg | 1 +
 core/core-frontend/src/locales/en.ts | 2 +
 core/core-frontend/src/locales/tw.ts | 2 +
 core/core-frontend/src/locales/zh-CN.ts | 2 +
 .../settings/XpackAuthenticationApi.java | 4 ++
 .../api/xpack/settings/XpackSaml2Api.java | 12 +++--
 .../api/xpack/settings/vo/XpackSaml2VO.java | 13 +++--
 sdk/common/pom.xml | 52 +++++++++----------
 .../result/ResultResponseBodyAdvice.java | 5 ++
 9 files changed, 59 insertions(+), 34 deletions(-)
 create mode 100644 core/core-frontend/src/assets/svg/icon_file_pem_colorfull.svg

diff --git a/core/core-frontend/src/assets/svg/icon_file_pem_colorfull.svg b/core/core-frontend/src/assets/svg/icon_file_pem_colorfull.svg
new file mode 100644
index 0000000000..2cdd8f50bb
--- /dev/null
+++ b/core/core-frontend/src/assets/svg/icon_file_pem_colorfull.svg
@@ -0,0 +1 @@
+
\ No newline at end of file
diff --git a/core/core-frontend/src/locales/en.ts b/core/core-frontend/src/locales/en.ts
index 97bdf019e2..62d05afe52 100644
--- a/core/core-frontend/src/locales/en.ts
+++ b/core/core-frontend/src/locales/en.ts
@@ -627,6 +627,8 @@ export default {
 field_mapping: 'Field Mapping',
 oauth2name:
 'For example: {\'{\'}"account": "oauth2Account", "name": "oauth2Name", "email": "email"{\'}\'}',
+ saml2name:
+ 'For example: {\'{\'}"account": "saml2Account", "name": "saml2Name", "email": "email"{\'}\'}',
 oidc_settings: 'OIDC Settings',
 test_mail_recipient: 'Only used as a test email recipient',
 to_enable_ssl: 'If the SMTP port is 465, you usually need to enable SSL',
diff --git a/core/core-frontend/src/locales/tw.ts b/core/core-frontend/src/locales/tw.ts
index 295599a859..245ae3471a 100644
--- a/core/core-frontend/src/locales/tw.ts
+++ b/core/core-frontend/src/locales/tw.ts
@@ -607,6 +607,8 @@ export default {
 field_mapping: '字段映射',
 oauth2name:
 '例如:{\'{\'}"account": "oauth2Account", "name": "oauth2Name", "email": "email"{\'}\'}',
+ saml2name:
+ '例如:{\'{\'}"account": "saml2Account", "name": "saml2Name", "email": "email"{\'}\'}',
 oidc_settings: 'OIDC設定',
 test_mail_recipient: '僅用來作為測試郵件收件者',
 to_enable_ssl: '如果SMTP連接埠是465 ,通常需要啟用SSL',
diff --git a/core/core-frontend/src/locales/zh-CN.ts b/core/core-frontend/src/locales/zh-CN.ts
index 4ddc1ce5a6..af8287c579 100644
--- a/core/core-frontend/src/locales/zh-CN.ts
+++ b/core/core-frontend/src/locales/zh-CN.ts
@@ -610,6 +610,8 @@ export default {
 field_mapping: '字段映射',
 oauth2name:
 '例如:{\'{\'}"account": "oauth2Account", "name": "oauth2Name", "email": "email"{\'}\'}',
+ saml2name:
+ '例如:{\'{\'}"account": "saml2Account", "name": "saml2Name", "email": "email"{\'}\'}',
 oidc_settings: 'OIDC设置',
 test_mail_recipient: '仅用来作为测试邮件收件人',
 to_enable_ssl: '如果SMTP端口是 465 ,通常需要启用SSL',
diff --git a/sdk/api/api-base/src/main/java/io/dataease/api/xpack/settings/XpackAuthenticationApi.java b/sdk/api/api-base/src/main/java/io/dataease/api/xpack/settings/XpackAuthenticationApi.java
index c859a1f684..a92c4d9b19 100644
--- a/sdk/api/api-base/src/main/java/io/dataease/api/xpack/settings/XpackAuthenticationApi.java
+++ b/sdk/api/api-base/src/main/java/io/dataease/api/xpack/settings/XpackAuthenticationApi.java
@@ -81,6 +81,10 @@ public interface XpackAuthenticationApi {
 @PostMapping("/validate/oauth2")
 String validateOauth2(@RequestBody XpackOauth2VO editor);

+ @Operation(summary = "验证SAML2")
+ @PostMapping("/validate/saml2")
+ String validateSaml2(@RequestBody XpackSaml2VO editor);
+
 @Operation(summary = "验证")
 @PostMapping("/validateId/{id}")
 String validate(@PathVariable("id") Long id);
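Review bot: In `XpackAuthenticationApi`, `validateSaml2` takes a whole `XpackSaml2VO` from the request body, and in this same commit that VO gains `idpMetaUrl`, `privateKey` and `certificate` as plain strings, so the endpoint receives key material and a caller-chosen URL. The implementation is not in this patch; it should be confirmed that the route is admin-only, that any server-side fetch of `idpMetaUrl` is limited to expected schemes and hosts with a timeout, and that the returned `String` does not echo the submitted key. A Javadoc line stating what the returned string means would also help, since `@Operation(summary = "验证SAML2")` does not say. The interface continues outside the hunk.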
diff --git a/sdk/api/api-base/src/main/java/io/dataease/api/xpack/settings/XpackSaml2Api.java b/sdk/api/api-base/src/main/java/io/dataease/api/xpack/settings/XpackSaml2Api.java index df422d593d..1ee34a1b16 100644 --- a/sdk/api/api-base/src/main/java/io/dataease/api/xpack/settings/XpackSaml2Api.java +++ b/sdk/api/api-base/src/main/java/io/dataease/api/xpack/settings/XpackSaml2Api.java @@ -2,6 +2,7 @@ package io.dataease.api.xpack.settings; import com.github.xiaoymin.knife4j.annotations.ApiSupport; import io.swagger.v3.oas.annotations.tags.Tag; +import org.springframework.http.MediaType; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.PostMapping; @@ -9,9 +10,12 @@ import org.springframework.web.bind.annotation.PostMapping; @ApiSupport(order = 899) public interface XpackSaml2Api { - @GetMapping("/login") - void saml2Login(); - @PostMapping("/sso") - void saml2Callback() throws Exception; + String sso(); + + @GetMapping(value = "/metadata", produces = MediaType.APPLICATION_XML_VALUE) + String metadata(); + + @GetMapping("/login") + void login(); } diff --git a/sdk/api/api-base/src/main/java/io/dataease/api/xpack/settings/vo/XpackSaml2VO.java b/sdk/api/api-base/src/main/java/io/dataease/api/xpack/settings/vo/XpackSaml2VO.java index ae20026c3f..e06fa1718c 100644 --- a/sdk/api/api-base/src/main/java/io/dataease/api/xpack/settings/vo/XpackSaml2VO.java +++ b/sdk/api/api-base/src/main/java/io/dataease/api/xpack/settings/vo/XpackSaml2VO.java @@ -2,14 +2,16 @@ package io.dataease.api.xpack.settings.vo; import com.fasterxml.jackson.annotation.JsonIgnore; import lombok.Data; +import org.opensaml.security.x509.BasicX509Credential; +import org.opensaml.xmlsec.signature.X509Certificate; import java.io.Serializable; import java.security.PrivateKey; -import java.security.cert.X509Certificate; @Data public class XpackSaml2VO implements Serializable { + private String idpMetaUrl; private String spEntityId; private String spAcs; 
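Review bot: In `XpackSaml2Api`, the reworked `sso()`, `metadata()` and `login()` have no `@Operation` summary or Javadoc, unlike the endpoints in `XpackAuthenticationApi`, and the new `String` return of `sso()` is unexplained. `POST /sso` looks like the assertion consumer endpoint, so the contract should say what the string is and that the implementation, which is not in this patch, checks the response signature, audience and validity window before a session is created. With `throws Exception` removed, how failures are reported belongs in that comment too. Suggested: `@Operation(summary = "SAML2 assertion consumer service")` on `sso()` and `@Operation(summary = "SAML2 SP metadata (XML)")` on `metadata()`, with the matching `io.swagger.v3.oas.annotations.Operation` import.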
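Review bot: In the first `XpackSaml2VO` hunk, the import swap makes `X509Certificate` resolve to `org.opensaml.xmlsec.signature.X509Certificate`, which is the XML object for a `<ds:X509Certificate>` element rather than a parsed certificate, and the `idpCertificate` field in the second hunk silently changes type with it. If that field is meant to hold the key used to check IdP signatures, a `java.security.cert.X509Certificate` or a credential type is the usual holder; this needs confirming against the implementation, which is not in this patch. The class is also `Serializable`, and as far as I know neither `BasicX509Credential` nor the OpenSAML XML object is, so the `@JsonIgnore` fields probably need `transient` as well, e.g. `private transient BasicX509Credential spCertificate;`.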
@@ -17,15 +19,20 @@ public class XpackSaml2VO implements Serializable { private String idpEntityId; private String idpLogoutUrl; + private String privateKey; + private String certificate; + + private String mapping; + @JsonIgnore private PrivateKey spPrivateKey; @JsonIgnore - private X509Certificate spCertificate; + private BasicX509Credential spCertificate; @JsonIgnore private X509Certificate idpCertificate; - private int assertionValidityTime = 300; // 5分钟 + private int assertionValidityTime = 300; private boolean wantAssertionsSigned = true; private boolean wantAuthnRequestsSigned = true; diff --git a/sdk/common/pom.xml b/sdk/common/pom.xml index c8f2ae55e0..72b03a9282 100644 --- a/sdk/common/pom.xml +++ b/sdk/common/pom.xml @@ -11,18 +11,14 @@ common - + + 3.4.6 + org.springframework.boot spring-boot-starter - - - javax.annotation - javax.annotation-api - - @@ -34,23 +30,7 @@ org.springframework.boot spring-boot-starter-validation - - org.springframework.boot - spring-boot-starter-data-jpa - - - com.querydsl - querydsl-jpa - ${querydsl.version} - jakarta - - - com.querydsl - querydsl-apt - jakarta - ${querydsl.version} - provided - + org.apache.commons commons-lang3 @@ -61,10 +41,22 @@ knife4j-openapi3-jakarta-spring-boot-starter + + com.baomidou + mybatis-plus-boot-starter + + + + com.baomidou + mybatis-plus-generator + ${mybatis-plus.version} + + org.apache.velocity velocity-engine-core + org.apache.httpcomponents httpcore @@ -147,11 +139,17 @@ - io.dataease - extensions-sync - ${project.version} + org.opensaml + opensaml-core + ${opensaml.version} + + + org.opensaml + opensaml-saml-impl + ${opensaml.version} + diff --git a/sdk/common/src/main/java/io/dataease/result/ResultResponseBodyAdvice.java b/sdk/common/src/main/java/io/dataease/result/ResultResponseBodyAdvice.java index ef2dc5a03c..da9aa40737 100644 --- a/sdk/common/src/main/java/io/dataease/result/ResultResponseBodyAdvice.java 
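Review bot: In the second `XpackSaml2VO` hunk, `privateKey` is added as a plain `String` without `@JsonIgnore`, so with Lombok `@Data` it gets a getter and Jackson will write it into any response that returns this VO, while the derived `spPrivateKey` just below is hidden. If the settings are ever read back to the browser, the SP signing key goes with them; a write-only mapping keeps the field accepted on input and out of output: `@JsonProperty(access = JsonProperty.Access.WRITE_ONLY) private String privateKey;`. Whether a read endpoint returns this VO is not visible in the patch. Separately, the removed `// 5分钟` comment was the only statement of the unit of `assertionValidityTime`; `// seconds (5 minutes)` would keep it.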
+++ b/sdk/common/src/main/java/io/dataease/result/ResultResponseBodyAdvice.java
@@ -3,6 +3,7 @@ package io.dataease.result;
 import io.dataease.i18n.I18n;
 import io.dataease.i18n.Translator;
 import io.dataease.utils.JsonUtil;
+import org.apache.commons.lang3.ObjectUtils;
 import org.springframework.core.MethodParameter;
 import org.springframework.http.MediaType;
 import org.springframework.http.converter.HttpMessageConverter;
@@ -32,6 +33,10 @@ public class ResultResponseBodyAdvice implements ResponseBodyAdvice {
 o = translate(o);
 }

+ if (ObjectUtils.isNotEmpty(mediaType) && MediaType.APPLICATION_XML_VALUE.equals(mediaType.toString())) {
+ return o;
+ }
+
 if (!(o instanceof ResultMessage)) {
 ResultMessage resultMessage = ResultMessage.success(o);
 if (o instanceof String) {
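Review bot: In `ResultResponseBodyAdvice`, the XML bypass compares `mediaType.toString()` with `MediaType.APPLICATION_XML_VALUE`, so a selected type that carries a parameter, for example `application/xml;charset=UTF-8`, does not match and the body would be wrapped in `ResultMessage` after all. Comparing type and subtype avoids that: `if (mediaType != null && MediaType.APPLICATION_XML.equalsTypeAndSubtype(mediaType)) {`. The check is also global, so every handler that produces `application/xml` now skips the wrapper; a one-line comment saying it exists for the SAML2 metadata endpoint would make that intent clear. The enclosing method starts and ends outside the hunk.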