MeterSphere/backend/src/main/java/io/metersphere/security/realm/LocalRealm.java

package io.metersphere.security.realm;


import io.metersphere.base.domain.Role;
import io.metersphere.commons.constants.UserSource;
import io.metersphere.commons.user.SessionUser;
import io.metersphere.commons.utils.SessionUtils;
import io.metersphere.dto.UserDTO;
import io.metersphere.i18n.Translator;
import io.metersphere.service.UserService;
import org.apache.commons.lang3.StringUtils;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;

import javax.annotation.Resource;
import java.util.Collections;
import java.util.Set;
import java.util.stream.Collectors;


/**
 * 自定义Realm 注入service 可能会导致在 service的aop 失效，例如@Transactional,
 * 解决方法：
 * <p>
 * 1. 这里改成注入mapper，这样mapper 中的事务失效<br/>
 * 2. 这里仍然注入service，在配置ShiroConfig 的时候不去set realm, 等到spring 初始化完成之后
 * set realm
 * </p>
 */
public class LocalRealm extends AuthorizingRealm {

    private Logger logger = LoggerFactory.getLogger(LocalRealm.class);
    @Resource
    private UserService userService;

    @Value("${run.mode:release}")
    private String runMode;

    @Override
    public String getName() {
        return "LOCAL";
    }

    /**
     * 权限认证
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        String userId = (String) principals.getPrimaryPrincipal();
        return getAuthorizationInfo(userId, userService);
    }

    public static AuthorizationInfo getAuthorizationInfo(String userId, UserService userService) {
        SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
        // roles 内容填充
        UserDTO userDTO = userService.getUserDTO(userId);
        Set<String> roles = userDTO.getRoles().stream().map(Role::getId).collect(Collectors.toSet());
        authorizationInfo.setRoles(roles);
        return authorizationInfo;
    }

    /**
     * 登录认证
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;
        String login = (String) SecurityUtils.getSubject().getSession().getAttribute("authenticate");

        String userId = token.getUsername();
        String password = String.valueOf(token.getPassword());

        if (StringUtils.equals("local", runMode)) {
            UserDTO user = getUserWithOutAuthenticate(userId);
            userId = user.getId();
            SessionUser sessionUser = SessionUser.fromUser(user);
            SessionUtils.putUser(sessionUser);
            return new SimpleAuthenticationInfo(userId, password, getName());
        }

        if (StringUtils.equals(login, UserSource.LOCAL.name())) {
            return loginLocalMode(userId, password);
        }

        UserDTO user = getUserWithOutAuthenticate(userId);
        userId = user.getId();
        SessionUser sessionUser = SessionUser.fromUser(user);
        SessionUtils.putUser(sessionUser);
        return new SimpleAuthenticationInfo(userId, password, getName());

    }

    private UserDTO getUserWithOutAuthenticate(String userId) {
        UserDTO user = userService.getUserDTO(userId);
        String msg;
        if (user == null) {
            user = userService.getUserDTOByEmail(userId);
            if (user == null) {
                msg = "The user does not exist: " + userId;
                logger.warn(msg);
                throw new UnknownAccountException(Translator.get("password_is_incorrect"));
            }
        }
        return user;
    }

    private AuthenticationInfo loginLocalMode(String userId, String password) {
        UserDTO user = userService.getLoginUser(userId, Collections.singletonList(UserSource.LOCAL.name()));
        String msg;
        if (user == null) {
            user = userService.getUserDTOByEmail(userId, UserSource.LOCAL.name());
            if (user == null) {
                msg = "The user does not exist: " + userId;
                logger.warn(msg);
                throw new UnknownAccountException(Translator.get("password_is_incorrect"));
            }
            userId = user.getId();
        }
        // 密码验证
        if (!userService.checkUserPassword(userId, password)) {
            throw new IncorrectCredentialsException(Translator.get("password_is_incorrect"));
        }
        SessionUser sessionUser = SessionUser.fromUser(user);
        SessionUtils.putUser(sessionUser);
        return new SimpleAuthenticationInfo(userId, password, getName());
    }

    @Override
    public boolean isPermitted(PrincipalCollection principals, String permission) {
        return true;
    }
}
-												feat(xPack): CAS 登录

											
										
										
											2021-01-19 15:49:20 +08:00
+								package io.metersphere.security.realm;
-												init code

											
										
										
											2020-02-03 11:21:55 +08:00
-												set roles

											
										
										
											2020-02-19 11:43:16 +08:00
+								import io.metersphere.base.domain.Role;
-												fix: LDAP用户登录问题

											
										
										
											2020-07-14 17:28:53 +08:00
+								import io.metersphere.commons.constants.UserSource;
-												代码调整

											
										
										
											2020-05-13 10:33:16 +08:00
+								import io.metersphere.commons.user.SessionUser;
 								import io.metersphere.commons.utils.SessionUtils;
-												login demo

											
										
										
											2020-02-13 11:51:42 +08:00
+								import io.metersphere.dto.UserDTO;
-												'登陆国际化修改'

											
										
										
											2020-06-04 14:43:27 +08:00
+								import io.metersphere.i18n.Translator;
-												login demo

											
										
										
											2020-02-13 11:51:42 +08:00
+								import io.metersphere.service.UserService;
-												密码校验

											
										
										
											2020-02-27 15:09:01 +08:00
+								import org.apache.commons.lang3.StringUtils;
-												ldap

											
										
										
											2020-06-22 18:46:30 +08:00
+								import org.apache.shiro.SecurityUtils;
-												init code

											
										
										
											2020-02-03 11:21:55 +08:00
+								import org.apache.shiro.authc.*;
 								import org.apache.shiro.authz.AuthorizationInfo;
-												set roles

											
										
										
											2020-02-19 11:43:16 +08:00
+								import org.apache.shiro.authz.SimpleAuthorizationInfo;
-												init code

											
										
										
											2020-02-03 11:21:55 +08:00
+								import org.apache.shiro.realm.AuthorizingRealm;
 								import org.apache.shiro.subject.PrincipalCollection;
 								import org.slf4j.Logger;
 								import org.slf4j.LoggerFactory;
-												密码校验

											
										
										
											2020-02-27 15:09:01 +08:00
+								import org.springframework.beans.factory.annotation.Value;
-												init code

											
										
										
											2020-02-03 11:21:55 +08:00
-												login demo

											
										
										
											2020-02-13 11:51:42 +08:00
+								import javax.annotation.Resource;
-												fix: 用户登录问题

											
										
										
											2020-07-14 20:58:52 +08:00
+								import java.util.Collections;
-												set roles

											
										
										
											2020-02-19 11:43:16 +08:00
+								import java.util.Set;
 								import java.util.stream.Collectors;
-												login demo

											
										
										
											2020-02-13 11:51:42 +08:00
-												init code

											
										
										
											2020-02-03 11:21:55 +08:00
 								/**
 								 * 自定义Realm 注入service 可能会导致在 service的aop 失效，例如@Transactional,
 								 * 解决方法：
 								 * <p>
 								 * 1. 这里改成注入mapper，这样mapper 中的事务失效<br/>
 								 * 2. 这里仍然注入service，在配置ShiroConfig 的时候不去set realm, 等到spring 初始化完成之后
 								 * set realm
 								 * </p>
 								 */
-												refactor: 修改类名

											
										
										
											2021-03-19 13:58:21 +08:00
+								public class LocalRealm extends AuthorizingRealm {
-												init code

											
										
										
											2020-02-03 11:21:55 +08:00
-												refactor: 修改类名

											
										
										
											2021-03-19 13:58:21 +08:00
+								    private Logger logger = LoggerFactory.getLogger(LocalRealm.class);
-												login demo

											
										
										
											2020-02-13 11:51:42 +08:00
+								    @Resource
 								    private UserService userService;
-												init code

											
										
										
											2020-02-03 11:21:55 +08:00
-												密码校验

											
										
										
											2020-02-27 15:09:01 +08:00
+								    @Value("${run.mode:release}")
 								    private String runMode;
-												feat: 配置认证源

											
										
										
											2021-01-12 15:08:07 +08:00
+								    @Override
 								    public String getName() {
 								        return "LOCAL";
 								    }
-												init code

											
										
										
											2020-02-03 11:21:55 +08:00
+								    /**
 								     * 权限认证
 								     */
 								    @Override
-												set roles

											
										
										
											2020-02-19 11:43:16 +08:00
+								    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
-												refactor: 适配cas

											
										
										
											2020-08-17 10:09:19 +08:00
+								        String userId = (String) principals.getPrimaryPrincipal();
 								        return getAuthorizationInfo(userId, userService);
 								    }
-												密码校验

											
										
										
											2020-02-27 15:09:01 +08:00
-												refactor: 适配cas

											
										
										
											2020-08-17 10:09:19 +08:00
+								    public static AuthorizationInfo getAuthorizationInfo(String userId, UserService userService) {
-												set roles

											
										
										
											2020-02-19 11:43:16 +08:00
+								        SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
 								        // roles 内容填充
-												refactor: 适配cas

											
										
										
											2020-08-17 10:09:19 +08:00
+								        UserDTO userDTO = userService.getUserDTO(userId);
-												set roles

											
										
										
											2020-02-19 11:43:16 +08:00
+								        Set<String> roles = userDTO.getRoles().stream().map(Role::getId).collect(Collectors.toSet());
 								        authorizationInfo.setRoles(roles);
 								        return authorizationInfo;
-												init code

											
										
										
											2020-02-03 11:21:55 +08:00
+								    }
 								    /**
 								     * 登录认证
 								     */
 								    @Override
 								    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
 								        UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;
-												fix: LDAP用户登录问题

											
										
										
											2020-07-14 17:28:53 +08:00
+								        String login = (String) SecurityUtils.getSubject().getSession().getAttribute("authenticate");
-												init code

											
										
										
											2020-02-03 11:21:55 +08:00
+								        String userId = token.getUsername();
 								        String password = String.valueOf(token.getPassword());
-												fix: LDAP用户登录问题

											
										
										
											2020-07-14 17:28:53 +08:00
 								        if (StringUtils.equals("local", runMode)) {
 								            UserDTO user = getUserWithOutAuthenticate(userId);
 								            userId = user.getId();
 								            SessionUser sessionUser = SessionUser.fromUser(user);
 								            SessionUtils.putUser(sessionUser);
 								            return new SimpleAuthenticationInfo(userId, password, getName());
 								        }
 								        if (StringUtils.equals(login, UserSource.LOCAL.name())) {
 								            return loginLocalMode(userId, password);
 								        }
 								        UserDTO user = getUserWithOutAuthenticate(userId);
 								        userId = user.getId();
 								        SessionUser sessionUser = SessionUser.fromUser(user);
 								        SessionUtils.putUser(sessionUser);
 								        return new SimpleAuthenticationInfo(userId, password, getName());
 								    }
 								    private UserDTO getUserWithOutAuthenticate(String userId) {
-												login demo

											
										
										
											2020-02-13 11:51:42 +08:00
+								        UserDTO user = userService.getUserDTO(userId);
 								        String msg;
 								        if (user == null) {
-												邮箱登入

											
										
										
											2020-06-11 14:27:17 +08:00
+								            user = userService.getUserDTOByEmail(userId);
 								            if (user == null) {
 								                msg = "The user does not exist: " + userId;
 								                logger.warn(msg);
-												refactor: 用户名或密码错误的时候显示信息修改

											
										
										
											2021-01-21 15:15:41 +08:00
+								                throw new UnknownAccountException(Translator.get("password_is_incorrect"));
-												邮箱登入

											
										
										
											2020-06-11 14:27:17 +08:00
+								            }
-												login demo

											
										
										
											2020-02-13 11:51:42 +08:00
+								        }
-												fix: LDAP用户登录问题

											
										
										
											2020-07-14 17:28:53 +08:00
+								        return user;
 								    }
-												邮箱登入

											
										
										
											2020-06-11 14:27:17 +08:00
-												fix: LDAP用户登录问题

											
										
										
											2020-07-14 17:28:53 +08:00
+								    private AuthenticationInfo loginLocalMode(String userId, String password) {
-												fix: 用户登录问题

											
										
										
											2020-07-14 20:58:52 +08:00
+								        UserDTO user = userService.getLoginUser(userId, Collections.singletonList(UserSource.LOCAL.name()));
-												fix: LDAP用户登录问题

											
										
										
											2020-07-14 17:28:53 +08:00
+								        String msg;
 								        if (user == null) {
-												refactor: 简化代码

											
										
										
											2020-07-24 15:04:38 +08:00
+								            user = userService.getUserDTOByEmail(userId, UserSource.LOCAL.name());
-												fix: LDAP用户登录问题

											
										
										
											2020-07-14 17:28:53 +08:00
+								            if (user == null) {
 								                msg = "The user does not exist: " + userId;
 								                logger.warn(msg);
-												refactor: 用户名或密码错误的时候显示信息修改

											
										
										
											2021-01-21 15:15:41 +08:00
+								                throw new UnknownAccountException(Translator.get("password_is_incorrect"));
-												fix: LDAP用户登录问题

											
										
										
											2020-07-14 17:28:53 +08:00
+								            }
 								            userId = user.getId();
 								        }
-												密码校验

											
										
										
											2020-02-27 15:09:01 +08:00
+								        // 密码验证
 								        if (!userService.checkUserPassword(userId, password)) {
-												'登陆国际化修改'

											
										
										
											2020-06-04 14:43:27 +08:00
+								            throw new IncorrectCredentialsException(Translator.get("password_is_incorrect"));
-												密码校验

											
										
										
											2020-02-27 15:09:01 +08:00
+								        }
-												login demo

											
										
										
											2020-02-13 11:51:42 +08:00
+								        SessionUser sessionUser = SessionUser.fromUser(user);
-												SessionUser

											
										
										
											2020-02-19 14:33:23 +08:00
+								        SessionUtils.putUser(sessionUser);
-												init code

											
										
										
											2020-02-03 11:21:55 +08:00
+								        return new SimpleAuthenticationInfo(userId, password, getName());
 								    }
 								    @Override
 								    public boolean isPermitted(PrincipalCollection principals, String permission) {
 								        return true;
 								    }
 								}