ldap
parent
76b68b2214
commit
d38cffe952
|
@ -6,6 +6,7 @@ import io.metersphere.commons.exception.MSException;
|
|||
import io.metersphere.controller.ResultHolder;
|
||||
import io.metersphere.controller.request.LoginRequest;
|
||||
import io.metersphere.i18n.Translator;
|
||||
import io.metersphere.ldap.domain.Person;
|
||||
import io.metersphere.ldap.service.LdapService;
|
||||
import io.metersphere.ldap.domain.LdapInfo;
|
||||
import io.metersphere.service.SystemParameterService;
|
||||
|
@ -34,20 +35,25 @@ public class LdapController {
|
|||
MSException.throwException(Translator.get("ldap_authentication_not_enabled"));
|
||||
}
|
||||
|
||||
ldapService.authenticate(request);
|
||||
Person person = ldapService.authenticate(request);
|
||||
|
||||
SecurityUtils.getSubject().getSession().setAttribute("authenticate", "ldap");
|
||||
|
||||
String username = request.getUsername();
|
||||
String password = request.getPassword();
|
||||
|
||||
String email = person.getEmail();
|
||||
|
||||
if (StringUtils.isBlank(email)) {
|
||||
MSException.throwException(Translator.get("login_fail_email_null"));
|
||||
}
|
||||
|
||||
User u = userService.selectUser(request.getUsername());
|
||||
if (u == null) {
|
||||
User user = new User();
|
||||
user.setId(username);
|
||||
user.setName(username);
|
||||
// todo user email ?
|
||||
user.setEmail(username + "@fit2cloud.com");
|
||||
user.setEmail(email);
|
||||
user.setPassword(password);
|
||||
userService.createUser(user);
|
||||
} else {
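Review bot: In the `u == null` branch, `user.setPassword(password)` still copies the password typed for the directory bind into the newly created local account, so the LDAP login path persists a directory credential in the application's own user store. Whether `userService.createUser` hashes it is not visible here; either way an LDAP-sourced account does not need a local password, and a stored copy may remain usable for local login after the directory password is changed or the directory account is disabled. Consider not setting it (or setting a random, unusable value) and recording that the account's source is LDAP. Also, `setAttribute("authenticate", "ldap")` runs before the new `StringUtils.isBlank(email)` check, so a login rejected for a missing email has already tagged the session; moving the session write after the checks avoids that. The `else` branch continues outside the hunk.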
|
||||
|
|
|
@ -32,6 +32,10 @@ public class PersonRepoImpl implements PersonRepo {
|
|||
|
||||
public boolean authenticate(String dn, String credentials) {
|
||||
LdapTemplate ldapTemplate = getConnection();
|
||||
return authenticate(dn, credentials, ldapTemplate);
|
||||
}
|
||||
|
||||
private boolean authenticate(String dn, String credentials, LdapTemplate ldapTemplate) {
|
||||
DirContext ctx = null;
|
||||
try {
|
||||
ctx = ldapTemplate.getContextSource().getContext(dn, credentials);
|
||||
|
@ -58,9 +62,8 @@ public class PersonRepoImpl implements PersonRepo {
|
|||
}
|
||||
|
||||
@Override
|
||||
public List findByName(String name) {
|
||||
public List<Person> findByName(String name) {
|
||||
LdapTemplate ldapTemplate = getConnection();
|
||||
ldapTemplate.setIgnorePartialResultException(true);
|
||||
LdapQuery query = query().where("cn").is(name);
|
||||
return ldapTemplate.search(query, getContextMapper());
|
||||
}
|
||||
|
@ -68,7 +71,6 @@ public class PersonRepoImpl implements PersonRepo {
|
|||
@Override
|
||||
public String getDnForUser(String uid) {
|
||||
LdapTemplate ldapTemplate = getConnection();
|
||||
ldapTemplate.setIgnorePartialResultException(true);
|
||||
List<String> result = ldapTemplate.search(
|
||||
query().where("cn").is(uid),
|
||||
new AbstractContextMapper() {
|
||||
|
@ -112,7 +114,6 @@ public class PersonRepoImpl implements PersonRepo {
|
|||
|
||||
String credentials = EncryptUtils.aesDecrypt(password).toString();
|
||||
|
||||
|
||||
LdapContextSource sourceLdapCtx = new LdapContextSource();
|
||||
sourceLdapCtx.setUrl(url);
|
||||
sourceLdapCtx.setUserDn(dn);
|
||||
|
@ -120,8 +121,13 @@ public class PersonRepoImpl implements PersonRepo {
|
|||
sourceLdapCtx.setBase(ou);
|
||||
sourceLdapCtx.setDirObjectFactory(DefaultDirObjectFactory.class);
|
||||
sourceLdapCtx.afterPropertiesSet();
|
||||
LdapTemplate ldapTemplate = new LdapTemplate(sourceLdapCtx);
|
||||
ldapTemplate.setIgnorePartialResultException(true);
|
||||
|
||||
return new LdapTemplate(sourceLdapCtx);
|
||||
// ldapTemplate 是否可用
|
||||
authenticate(dn, credentials, ldapTemplate);
|
||||
|
||||
return ldapTemplate;
|
||||
}
|
||||
|
||||
private void preConnect(String url, String dn, String ou, String password) {
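Review bot: In `getConnection()`, the new `authenticate(dn, credentials, ldapTemplate);` call discards its boolean result, so if the private overload reports a failed bind by returning `false` rather than throwing (its body continues outside the hunk), the availability check has no effect and a template with a bad service-account bind is still returned. Checking the result, e.g. `if (!authenticate(dn, credentials, ldapTemplate)) { MSException.throwException(Translator.get("ldap_connect_fail")); }`, makes the intent explicit, assuming those helpers are in scope in this class. `findByName` and `getDnForUser` each call `getConnection()`, so one login now performs the service-account bind more than once; building the template once per request would avoid the extra binds against the directory. The inline comment on that call would be clearer in English, e.g. `// verify the service-account bind works before handing out the template`.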
|
||||
|
|
|
@ -5,6 +5,7 @@ import io.metersphere.controller.request.LoginRequest;
|
|||
import io.metersphere.i18n.Translator;
|
||||
import io.metersphere.ldap.dao.PersonRepoImpl;
|
||||
import io.metersphere.ldap.domain.LdapInfo;
|
||||
import io.metersphere.ldap.domain.Person;
|
||||
import org.springframework.ldap.CommunicationException;
|
||||
import org.springframework.stereotype.Service;
|
||||
|
||||
|
@ -18,18 +19,19 @@ public class LdapService {
|
|||
private PersonRepoImpl personRepo;
|
||||
|
||||
|
||||
public void authenticate(LoginRequest request) {
|
||||
public Person authenticate(LoginRequest request) {
|
||||
String dn = null;
|
||||
String username = request.getUsername();
|
||||
String credentials = request.getPassword();
|
||||
|
||||
List<Person> personList = null;
|
||||
try {
|
||||
// select user by sAMAccountName
|
||||
List user = personRepo.findByName(username);
|
||||
personList = personRepo.findByName(username);
|
||||
|
||||
if (user.size() == 1) {
|
||||
if (personList.size() == 1) {
|
||||
dn = personRepo.getDnForUser(username);
|
||||
} else if (user.size() == 0) {
|
||||
} else if (personList.size() == 0) {
|
||||
MSException.throwException(Translator.get("user_not_exist") + username);
|
||||
} else {
|
||||
MSException.throwException(Translator.get("find_more_user"));
|
||||
|
@ -38,6 +40,8 @@ public class LdapService {
|
|||
MSException.throwException(Translator.get("ldap_connect_fail"));
|
||||
}
|
||||
personRepo.authenticate(dn, credentials);
|
||||
|
||||
return personList.get(0);
|
||||
}
|
||||
|
||||
public void testConnect(LdapInfo ldap) {
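Review bot: `authenticate` passes `request.getPassword()` straight to `personRepo.authenticate(dn, credentials)` with no visible blank check, and many directory servers treat a simple bind with a DN and an empty password as an unauthenticated bind that succeeds. Unless the request is validated elsewhere, reject blank credentials before the lookup, e.g. `if (credentials == null || credentials.trim().isEmpty()) { MSException.throwException(Translator.get("authentication_failed")); }`. The boolean returned by `personRepo.authenticate(dn, credentials)` is also ignored before `return personList.get(0)`, so the method relies on the repository throwing on a failed bind; that body is outside the visible hunks and should be confirmed. The comment `// select user by sAMAccountName` does not match `findByName`, which queries `cn` in the PersonRepoImpl hunk.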
|
||||
|
|
|
@ -120,7 +120,8 @@ ldap_dn_is_null=LDAP binding DN is empty
|
|||
ldap_ou_is_null=LDAP parameter OU is empty
|
||||
ldap_password_is_null=LDAP password is empty
|
||||
ldap_connect_fail=Connection failed
|
||||
authentication_failed=User authentication failed
|
||||
authentication_failed=User authentication failed,wrong user name or password
|
||||
user_not_found_or_not_unique=User does not exist or is not unique
|
||||
find_more_user=Multiple users found
|
||||
ldap_authentication_not_enabled=LDAP authentication is not enabled
|
||||
ldap_authentication_not_enabled=LDAP authentication is not enabled
|
||||
login_fail_email_null=Login failed, user mailbox is empty
|
|
@ -120,10 +120,10 @@ ldap_dn_is_null=LDAP绑定DN为空
|
|||
ldap_ou_is_null=LDAP参数OU为空
|
||||
ldap_password_is_null=LDAP密码为空
|
||||
ldap_connect_fail=连接失败
|
||||
authentication_failed=用户认证失败
|
||||
authentication_failed=用户认证失败,用户名或密码错误
|
||||
user_not_found_or_not_unique=用户不存在或者不唯一
|
||||
find_more_user=查找到多个用户
|
||||
ldap_authentication_not_enabled=LDAP认证未启用
|
||||
|
||||
login_fail_email_null=登录失败,用户邮箱为空
|
||||
|
||||
|
||||
|
|
|
@ -120,7 +120,8 @@ ldap_dn_is_null=LDAP綁定DN為空
|
|||
ldap_ou_is_null=LDAP參數OU為空
|
||||
ldap_password_is_null=LDAP密碼為空
|
||||
ldap_connect_fail=連接失敗
|
||||
authentication_failed=用戶認證失敗
|
||||
authentication_failed=用戶認證失敗,用戶名或密碼錯誤
|
||||
user_not_found_or_not_unique=用戶不存在或者不唯一
|
||||
find_more_user=查找到多個用戶
|
||||
ldap_authentication_not_enabled=LDAP認證未啟用
|
||||
login_fail_email_null=登錄失敗,用戶郵箱為空
|
||||
|
|
|
@ -18,9 +18,9 @@
|
|||
<el-form-item :label="$t('ldap.filter')" prop="filter">
|
||||
<el-input v-model="form.filter" :placeholder="$t('ldap.input_filter_placeholder')"></el-input>
|
||||
</el-form-item>
|
||||
<el-form-item :label="$t('ldap.mapping')" prop="mapping">
|
||||
<el-input v-model="form.mapping" :placeholder="$t('ldap.input_mapping')"></el-input>
|
||||
</el-form-item>
|
||||
<!-- <el-form-item :label="$t('ldap.mapping')" prop="mapping">-->
|
||||
<!-- <el-input v-model="form.mapping" :placeholder="$t('ldap.input_mapping')"></el-input>-->
|
||||
<!-- </el-form-item>-->
|
||||
<el-form-item :label="$t('ldap.open')" prop="open">
|
||||
<el-checkbox v-model="form.open"></el-checkbox>
|
||||
</el-form-item>
|
||||
|
@ -29,7 +29,7 @@
|
|||
<div>
|
||||
<el-button type="primary" size="small" :disabled="!show" @click="testConnection">{{$t('ldap.test_connect')}}
|
||||
</el-button>
|
||||
<el-button type="primary" size="small" :disabled="!show" @click="testLogin">{{$t('ldap.test_login')}}
|
||||
<el-button type="primary" size="small" :disabled="!showLogin || !show" @click="testLogin">{{$t('ldap.test_login')}}
|
||||
</el-button>
|
||||
<el-button v-if="showEdit" size="small" @click="edit">{{$t('ldap.edit')}}</el-button>
|
||||
<el-button type="success" v-if="showSave" size="small" @click="save('form')">{{$t('commons.save')}}</el-button>
|
||||
|
@ -75,6 +75,7 @@
|
|||
showEdit: true,
|
||||
showSave: false,
|
||||
showCancel: false,
|
||||
showLogin: false,
|
||||
loginVisible: false,
|
||||
rules: {
|
||||
url: {required: true, message: this.$t('ldap.input_url'), trigger: ['change', 'blur']},
|
||||
|
@ -120,6 +121,9 @@
|
|||
}
|
||||
this.result = this.$post("/ldap/test/connect", this.form, response => {
|
||||
this.$success(this.$t('commons.connection_successful'));
|
||||
this.showLogin = true;
|
||||
}, () => {
|
||||
this.showLogin = false;
|
||||
})
|
||||
},
|
||||
testLogin() {
|
||||
|
@ -172,6 +176,7 @@
|
|||
this.showEdit = true;
|
||||
this.showSave = false;
|
||||
this.showCancel = false;
|
||||
this.showLogin = false;
|
||||
this.$success(this.$t('commons.save_success'));
|
||||
this.init();
|
||||
});
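Review bot: The `ldap.mapping` form item in the first hunk is commented out rather than deleted, which leaves dead markup in the template; remove the three lines, and if `mapping` still has an entry in `rules` (not visible in these hunks) drop it too so validation does not depend on a hidden field. The new `showLogin` flag only disables the button in the UI, so the server-side test-login handler should not treat a prior successful connection test as a precondition that has been enforced.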
|
||||
|
|