diff --git a/backend/src/main/java/io/metersphere/security/UserModularRealmAuthenticator.java b/backend/src/main/java/io/metersphere/security/UserModularRealmAuthenticator.java index c566e42832..36bd99980e 100644 --- a/backend/src/main/java/io/metersphere/security/UserModularRealmAuthenticator.java +++ b/backend/src/main/java/io/metersphere/security/UserModularRealmAuthenticator.java @@ -29,6 +29,9 @@ public class UserModularRealmAuthenticator extends ModularRealmAuthenticator { // 默认使用本地验证 for (Realm realm : realms) { + if (realm == null) { + continue; + } if (realm.getName().contains(loginType)) { typeRealms.add(realm); } diff --git a/backend/src/main/java/io/metersphere/security/realm/BaseRealm.java b/backend/src/main/java/io/metersphere/security/realm/BaseRealm.java new file mode 100644 index 0000000000..e145d0d102 --- /dev/null +++ b/backend/src/main/java/io/metersphere/security/realm/BaseRealm.java 
@@ -0,0 +1,55 @@
+package io.metersphere.security.realm;
+
+import io.metersphere.base.domain.UserGroupPermission;
+import io.metersphere.commons.user.SessionUser;
+import io.metersphere.commons.utils.SessionUtils;
+import io.metersphere.dto.GroupResourceDTO;
+import io.metersphere.dto.UserDTO;
+import io.metersphere.i18n.Translator;
+import io.metersphere.service.UserService;
+import org.apache.shiro.authc.*;
+import org.apache.shiro.authz.AuthorizationInfo;
+import org.apache.shiro.realm.AuthorizingRealm;
+import org.apache.shiro.subject.PrincipalCollection;
+
+import javax.annotation.Resource;
+import java.util.List;
+import java.util.Objects;
+import java.util.Set;
+import java.util.stream.Collectors;
+
+public abstract class BaseRealm extends AuthorizingRealm {
+ @Resource
+ private UserService userService;
+
+ @Override
+ protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
+ return null;
+ }
+
+ @Override
+ protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
+ UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;
+
+ String userId = token.getUsername();
+ String password = String.valueOf(token.getPassword());
+ UserDTO user = userService.getUserDTO(userId);
+ if (user == null) {
+ throw new UnknownAccountException(Translator.get("user_not_exist"));
+ }
+ SessionUser sessionUser = SessionUser.fromUser(user);
+ SessionUtils.putUser(sessionUser);
+ return new SimpleAuthenticationInfo(userId, password, getName());
+ }
+
+ @Override
+ public boolean isPermitted(PrincipalCollection principals, String permission) {
+ Set permissions = Objects.requireNonNull(SessionUtils.getUser()).getGroupPermissions().stream()
+ .map(GroupResourceDTO::getUserGroupPermissions)
+ .flatMap(List::stream)
+ .map(UserGroupPermission::getPermissionId)
+ .collect(Collectors.toSet());
+
+ return permissions.contains(permission);
+ }
+}
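Review bot: `doGetAuthenticationInfo` in this base class returns `new SimpleAuthenticationInfo(userId, password, getName())` with `password` taken from the submitted token, so with Shiro's default credentials matcher the token is compared against itself and any realm that inherits this method accepts whatever password is sent for an existing user. LocalRealm appears to keep its own override, but nothing forces other subclasses to do so; since BaseRealm is abstract, dropping this override leaves the method abstract and makes every realm supply real credential verification. The method also calls `SessionUtils.putUser(sessionUser)` before Shiro has matched any credentials, so the session is populated even when the login later fails. Separately, `isPermitted` ignores its `principals` argument and throws a NullPointerException through `Objects.requireNonNull(SessionUtils.getUser())` when no session user exists; failing closed with `if (SessionUtils.getUser() == null) { return false; }` ahead of the stream would be safer.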
diff --git a/backend/src/main/java/io/metersphere/security/realm/LdapRealm.java b/backend/src/main/java/io/metersphere/security/realm/LdapRealm.java index dc0d33eb2f..6e923f77c8 100644 --- a/backend/src/main/java/io/metersphere/security/realm/LdapRealm.java +++ b/backend/src/main/java/io/metersphere/security/realm/LdapRealm.java @@ -12,7 +12,6 @@ import org.apache.shiro.SecurityUtils; import org.apache.shiro.authc.*; import org.apache.shiro.authz.AuthorizationInfo; import org.apache.shiro.authz.SimpleAuthorizationInfo; -import org.apache.shiro.realm.AuthorizingRealm; import org.apache.shiro.subject.PrincipalCollection; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -32,7 +31,7 @@ import java.util.stream.Collectors; * set realm *

*/ -public class LdapRealm extends AuthorizingRealm { +public class LdapRealm extends BaseRealm { private Logger logger = LoggerFactory.getLogger(LdapRealm.class); @Resource @@ -44,7 +43,7 @@ public class LdapRealm extends AuthorizingRealm { } /** - * 权限认证 + * 角色认证 */ @Override protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) { @@ -95,8 +94,4 @@ public class LdapRealm extends AuthorizingRealm { } - @Override - public boolean isPermitted(PrincipalCollection principals, String permission) { - return true; - } } diff --git a/backend/src/main/java/io/metersphere/security/realm/LocalRealm.java b/backend/src/main/java/io/metersphere/security/realm/LocalRealm.java index bb728c4c42..eb257bdb9a 100644 --- a/backend/src/main/java/io/metersphere/security/realm/LocalRealm.java +++ b/backend/src/main/java/io/metersphere/security/realm/LocalRealm.java @@ -13,7 +13,6 @@ import org.apache.shiro.SecurityUtils; import org.apache.shiro.authc.*; import org.apache.shiro.authz.AuthorizationInfo; import org.apache.shiro.authz.SimpleAuthorizationInfo; -import org.apache.shiro.realm.AuthorizingRealm; import org.apache.shiro.subject.PrincipalCollection; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -34,7 +33,7 @@ import java.util.stream.Collectors; * set realm *

*/ -public class LocalRealm extends AuthorizingRealm { +public class LocalRealm extends BaseRealm { private Logger logger = LoggerFactory.getLogger(LocalRealm.class); @Resource @@ -49,12 +48,11 @@ public class LocalRealm extends AuthorizingRealm { } /** - * 权限认证 + * 角色认证 */ @Override protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) { - String userId = (String) principals.getPrimaryPrincipal(); - return getAuthorizationInfo(userId, userService); + return null; } public static AuthorizationInfo getAuthorizationInfo(String userId, UserService userService) { @@ -134,8 +132,4 @@ public class LocalRealm extends AuthorizingRealm { return new SimpleAuthenticationInfo(userId, password, getName()); } - @Override - public boolean isPermitted(PrincipalCollection principals, String permission) { - return true; - } } diff --git a/backend/src/main/java/io/metersphere/xpack b/backend/src/main/java/io/metersphere/xpack index 79d2eb9f78..77479091f8 160000 --- a/backend/src/main/java/io/metersphere/xpack +++ b/backend/src/main/java/io/metersphere/xpack @@ -1 +1 @@ -Subproject commit 79d2eb9f7810b95673f691970e858b05d5d07e9a +Subproject commit 77479091f8c7559b2b0300ef9419de50b9e43ce7
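Review bot: The rewritten `doGetAuthorizationInfo` in the `@@ -49,12 +48,11 @@` hunk now returns `null`, which is exactly what the inherited `BaseRealm.doGetAuthorizationInfo` does, so the override and its "角色认证" Javadoc can be removed rather than kept as a stub. With a null AuthorizationInfo, Shiro's role checks (`hasRole`, `@RequiresRoles`) evaluate to false for every local user, so it is worth confirming that nothing still relies on roles. The static `getAuthorizationInfo(userId, userService)` helper that follows loses its caller in this file; if no other class uses it, it should be removed with this change or get a comment naming its remaining callers. LdapRealm's `doGetAuthorizationInfo` body lies outside its hunk, so whether it still populates roles cannot be told from this diff.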