fix ldap userId with case problem #2326

Merged
merged 5 commits into from
Jun 20, 2019
Merged
@@ -15,6 +15,7 @@
import com.ctrip.framework.apollo.portal.spi.defaultimpl.DefaultSsoHeartbeatHandler;
import com.ctrip.framework.apollo.portal.spi.defaultimpl.DefaultUserInfoHolder;
import com.ctrip.framework.apollo.portal.spi.defaultimpl.DefaultUserService;
import com.ctrip.framework.apollo.portal.spi.ldap.ApolloLdapAuthenticationProvider;
import com.ctrip.framework.apollo.portal.spi.ldap.FilterLdapByGroupUserSearch;
import com.ctrip.framework.apollo.portal.spi.ldap.LdapUserService;
import com.ctrip.framework.apollo.portal.spi.springsecurity.SpringSecurityUserInfoHolder;
@@ -392,9 +393,10 @@ public LdapAuthenticationProvider ldapAuthProvider() {
ldapContextSource, null);
defaultAuthAutoConfiguration.setIgnorePartialResultException(true);
defaultAuthAutoConfiguration.setSearchSubtree(true);
LdapAuthenticationProvider ldapAuthenticationProvider = new LdapAuthenticationProvider(
bindAuthenticator, defaultAuthAutoConfiguration);
return ldapAuthenticationProvider;
// Rewrite the logic of LdapAuthenticationProvider with ApolloLdapAuthenticationProvider,
// use userId in LDAP system instead of userId input by user.
return new ApolloLdapAuthenticationProvider(
bindAuthenticator, defaultAuthAutoConfiguration, ldapExtendProperties);
}

@Override
@@ -33,111 +33,3 @@ public void setGroup(LdapGroupProperties group) {
this.group = group;
}
}
class LdapMappingProperties{

/**
* user ldap objectClass
*/
private String objectClass;

/**
* user login Id
*/
private String loginId;

/**
* user rdn key
*/
private String rdnKey;

/**
* user display name
*/
private String userDisplayName;

/**
* email
*/
private String email;

public String getObjectClass() {
return objectClass;
}

public void setObjectClass(String objectClass) {
this.objectClass = objectClass;
}

public String getLoginId() {
return loginId;
}

public void setLoginId(String loginId) {
this.loginId = loginId;
}

public String getRdnKey() {
return rdnKey;
}

public void setRdnKey(String rdnKey) {
this.rdnKey = rdnKey;
}

public String getUserDisplayName() {
return userDisplayName;
}

public void setUserDisplayName(String userDisplayName) {
this.userDisplayName = userDisplayName;
}

public String getEmail() {
return email;
}

public void setEmail(String email) {
this.email = email;
}
}
class LdapGroupProperties{

/**
* group search base
*/
private String groupBase;

/**
* group search filter
*/
private String groupSearch;

/**
* group membership prop
*/
private String groupMembership;

public String getGroupBase() {
return groupBase;
}

public void setGroupBase(String groupBase) {
this.groupBase = groupBase;
}

public String getGroupSearch() {
return groupSearch;
}

public void setGroupSearch(String groupSearch) {
this.groupSearch = groupSearch;
}

public String getGroupMembership() {
return groupMembership;
}

public void setGroupMembership(String groupMembership) {
this.groupMembership = groupMembership;
}
}
@@ -0,0 +1,50 @@


package com.ctrip.framework.apollo.portal.spi.configuration;

/**
* the LdapGroupProperties description.
*
* @author wuzishu
*/
public class LdapGroupProperties {

/**
* group search base
*/
private String groupBase;

/**
* group search filter
*/
private String groupSearch;

/**
* group membership prop
*/
private String groupMembership;

public String getGroupBase() {
return groupBase;
}

public void setGroupBase(String groupBase) {
this.groupBase = groupBase;
}

public String getGroupSearch() {
return groupSearch;
}

public void setGroupSearch(String groupSearch) {
this.groupSearch = groupSearch;
}

public String getGroupMembership() {
return groupMembership;
}

public void setGroupMembership(String groupMembership) {
this.groupMembership = groupMembership;
}
}
@@ -0,0 +1,76 @@


package com.ctrip.framework.apollo.portal.spi.configuration;

/**
* the LdapMappingProperties description.
*
* @author wuzishu
*/
public class LdapMappingProperties {

/**
* user ldap objectClass
*/
private String objectClass;

/**
* user login Id
*/
private String loginId;

/**
* user rdn key
*/
private String rdnKey;

/**
* user display name
*/
private String userDisplayName;

/**
* email
*/
private String email;

public String getObjectClass() {
return objectClass;
}

public void setObjectClass(String objectClass) {
this.objectClass = objectClass;
}

public String getLoginId() {
return loginId;
}

public void setLoginId(String loginId) {
this.loginId = loginId;
}

public String getRdnKey() {
return rdnKey;
}

public void setRdnKey(String rdnKey) {
this.rdnKey = rdnKey;
}

public String getUserDisplayName() {
return userDisplayName;
}

public void setUserDisplayName(String userDisplayName) {
this.userDisplayName = userDisplayName;
}

public String getEmail() {
return email;
}

public void setEmail(String email) {
this.email = email;
}
}
@@ -0,0 +1,82 @@


package com.ctrip.framework.apollo.portal.spi.ldap;

import com.ctrip.framework.apollo.portal.spi.configuration.LdapExtendProperties;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.ldap.authentication.LdapAuthenticationProvider;
import org.springframework.security.ldap.authentication.LdapAuthenticator;
import org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;

/**
* Inherited from LdapAuthenticationProvider and rewritten the authenticate method,
* modified the userId used by the previous user input,
* changed to use the userId in the LDAP system.
*
* @author wuzishu
*/
public class ApolloLdapAuthenticationProvider extends LdapAuthenticationProvider {

private LdapExtendProperties properties;

public ApolloLdapAuthenticationProvider(
LdapAuthenticator authenticator,
LdapAuthoritiesPopulator authoritiesPopulator) {
super(authenticator, authoritiesPopulator);
}

public ApolloLdapAuthenticationProvider(
LdapAuthenticator authenticator) {
super(authenticator);
}

public ApolloLdapAuthenticationProvider(
LdapAuthenticator authenticator,
LdapAuthoritiesPopulator authoritiesPopulator,
LdapExtendProperties properties) {
super(authenticator, authoritiesPopulator);
this.properties = properties;
}

public ApolloLdapAuthenticationProvider(
LdapAuthenticator authenticator,
LdapExtendProperties properties) {
super(authenticator);
this.properties = properties;
}

@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
Assert.isInstanceOf(UsernamePasswordAuthenticationToken.class, authentication, this.messages
.getMessage("LdapAuthenticationProvider.onlySupports",
"Only UsernamePasswordAuthenticationToken is supported"));
UsernamePasswordAuthenticationToken userToken = (UsernamePasswordAuthenticationToken) authentication;
String username = userToken.getName();
String password = (String) authentication.getCredentials();
if (this.logger.isDebugEnabled()) {
this.logger.debug("Processing authentication request for user: " + username);
}

if (!StringUtils.hasLength(username)) {
throw new BadCredentialsException(
this.messages.getMessage("LdapAuthenticationProvider.emptyUsername", "Empty Username"));
} else if (!StringUtils.hasLength(password)) {
throw new BadCredentialsException(this.messages
.getMessage("AbstractLdapAuthenticationProvider.emptyPassword", "Empty Password"));
} else {
Assert.notNull(password, "Null password was supplied in authentication token");
DirContextOperations userData = this.doAuthentication(userToken);
String loginId = userData.getStringAttribute(properties.getMapping().getLoginId());
UserDetails user = this.userDetailsContextMapper.mapUserFromContext(userData, loginId,
this.loadUserAuthorities(userData, loginId, (String) authentication.getCredentials()));
return this.createSuccessfulAuthentication(userToken, user);
}
}
}
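Review bot: `properties.getMapping().getLoginId()` in `authenticate` is dereferenced with no null check, yet two of the four constructors never set `properties`, so a provider built through them throws a NullPointerException right after `doAuthentication` succeeds instead of returning an authentication. The value read from the directory is not checked either: if the entry lacks the configured attribute, `loginId` is null and is handed to `mapUserFromContext` and `loadUserAuthorities` as the principal name. I would fail closed before mapping, for example `if (!StringUtils.hasLength(loginId)) { throw new BadCredentialsException("LDAP entry has no login id attribute"); }`, and either remove the constructors without `properties` or make that case delegate to `super.authenticate(authentication)`. Because this attribute now supplies the identity the portal authorises against, the class Javadoc should also state that the mapped attribute is expected to be single-valued and not editable by users on their own entry.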