Merge pull request #442 from Huyueeer/devLookUserName

LDAP忽略大小写 & 认证携带必要元信息（姓名、部门、邮箱）

Author: ZQKC

distribution/conf/create_mysql_table.sql

@@ -16,6 +16,9 @@ CREATE TABLE `account` (
   `status` int(16) NOT NULL DEFAULT '0' COMMENT '0标识使用中，-1标识已废弃',
   `gmt_create` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP COMMENT '创建时间',
   `gmt_modify` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP COMMENT '修改时间',
+  `department` varchar(128) DEFAULT '' COMMENT '部门名',
+  `display_name` varchar(128) DEFAULT '' COMMENT '用户姓名',
+  `mail` varchar(128) DEFAULT '' COMMENT '邮箱',
   PRIMARY KEY (`id`),
   UNIQUE KEY `uniq_username` (`username`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COMMENT='账号表';

kafka-manager-common/src/main/java/com/xiaojukeji/kafka/manager/common/entity/dto/rd/AccountDTO.java

@@ -21,6 +21,15 @@ public class AccountDTO {
     @ApiModelProperty(value = "角色")
     private Integer role;
 
+    @ApiModelProperty(value = "用户姓名")
+    private String displayName;
+
+    @ApiModelProperty(value = "部门")
+    private String department;
+
+    @ApiModelProperty(value = "邮箱")
+    private String mail;
+
     public String getUsername() {
         return username;
     }
@@ -45,12 +54,39 @@ public void setRole(Integer role) {
         this.role = role;
     }
 
+    public String getDisplayName() {
+        return displayName;
+    }
+
+    public void setDisplayName(String displayName) {
+        this.displayName = displayName;
+    }
+
+    public String getDepartment() {
+        return department;
+    }
+
+    public void setDepartment(String department) {
+        this.department = department;
+    }
+
+    public String getMail() {
+        return mail;
+    }
+
+    public void setMail(String mail) {
+        this.mail = mail;
+    }
+
     @Override
     public String toString() {
         return "AccountDTO{" +
                 "username='" + username + '\'' +
                 ", password='" + password + '\'' +
                 ", role=" + role +
+                ", displayName='" + displayName + '\'' +
+                ", department='" + department + '\'' +
+                ", mail='" + mail + '\'' +
                 '}';
     }
 

kafka-manager-common/src/main/java/com/xiaojukeji/kafka/manager/common/entity/pojo/AccountDO.java

@@ -21,6 +21,12 @@ public class AccountDO {
 
     private Integer role;
 
+    private String displayName;
+
+    private String department;
+
+    private String mail;
+
     public String getUsername() {
         return username;
     }
@@ -45,16 +51,43 @@ public void setRole(Integer role) {
         this.role = role;
     }
 
+    public String getDisplayName() {
+        return displayName;
+    }
+
+    public void setDisplayName(String displayName) {
+        this.displayName = displayName;
+    }
+
+    public String getDepartment() {
+        return department;
+    }
+
+    public void setDepartment(String department) {
+        this.department = department;
+    }
+
+    public String getMail() {
+        return mail;
+    }
+
+    public void setMail(String mail) {
+        this.mail = mail;
+    }
+
     @Override
     public String toString() {
         return "AccountDO{" +
-                "username='" + username + '\'' +
-                ", password='" + password + '\'' +
-                ", role=" + role +
-                ", id=" + id +
+                "id=" + id +
                 ", status=" + status +
                 ", gmtCreate=" + gmtCreate +
                 ", gmtModify=" + gmtModify +
+                ", username='" + username + '\'' +
+                ", password='" + password + '\'' +
+                ", role=" + role +
+                ", displayName='" + displayName + '\'' +
+                ", department='" + department + '\'' +
+                ", mail='" + mail + '\'' +
                 '}';
     }
 }

kafka-manager-common/src/main/java/com/xiaojukeji/kafka/manager/common/utils/SplitUtils.java

@@ -0,0 +1,14 @@
+package com.xiaojukeji.kafka.manager.common.utils;
+
+/**
+ * @className: SplitUtils
+ * @description: Split string of type keyValue
+ * @author: Hu.Yue
+ * @date: 2021/8/4
+ **/
+public class SplitUtils {
+
+    public static String keyValueSplit(String keyValue){
+        return keyValue.split(":\\s+")[1];
+    }
+}

kafka-manager-dao/src/main/resources/mapper/AccountDao.xml

@@ -10,14 +10,17 @@
         <result property="role"         column="role" />
         <result property="gmtCreate"    column="gmt_create" />
         <result property="gmtModify"    column="gmt_modify" />
+        <result property="displayName"    column="display_name" />
+        <result property="department"    column="department" />
+        <result property="mail"    column="mail" />
     </resultMap>
 
     <insert id="insert" parameterType="com.xiaojukeji.kafka.manager.common.entity.pojo.AccountDO">
         <![CDATA[
         REPLACE account
-        (username, password, role)
+        (username, password, role, display_name, department, mail)
         VALUES
-        (#{username}, #{password}, #{role})
+        (#{username}, #{password}, #{role}, #{displayName}, #{department}, #{mail})
     ]]>
     </insert>
 

kafka-manager-extends/kafka-manager-account/src/main/java/com/xiaojukeji/kafka/manager/account/component/account/BaseEnterpriseStaffService.java

@@ -54,7 +54,8 @@ public List<EnterpriseStaff> searchEnterpriseStaffByKeyWord(String keyWord) {
             }
             List<EnterpriseStaff> staffList = new ArrayList<>();
             for (AccountDO accountDO: doList) {
-                staffList.add(new EnterpriseStaff(accountDO.getUsername(), accountDO.getUsername(), ""));
+                //这里对chineseName填充共识的displayName，Department则获取Department信息
+                staffList.add(new EnterpriseStaff(accountDO.getUsername(), accountDO.getDisplayName(), accountDO.getDepartment()));
             }
             return staffList;
         } catch (Exception e) {

kafka-manager-extends/kafka-manager-account/src/main/java/com/xiaojukeji/kafka/manager/account/component/ldap/LdapAuthentication.java

@@ -1,5 +1,6 @@
 package com.xiaojukeji.kafka.manager.account.component.ldap;
 
+import com.xiaojukeji.kafka.manager.common.utils.SplitUtils;
 import com.xiaojukeji.kafka.manager.common.utils.ValidateUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -14,7 +15,9 @@
 import javax.naming.directory.SearchResult;
 import javax.naming.ldap.InitialLdapContext;
 import javax.naming.ldap.LdapContext;
+import java.util.HashMap;
 import java.util.Hashtable;
+import java.util.Map;
 
 @Component
 public class LdapAuthentication {
@@ -60,16 +63,19 @@ private LdapContext getLdapContext() {
         return null;
     }
 
-    private String getUserDN(String account, LdapContext ctx) {
+    private Map<String, Object> getLdapAttrsInfo(String account, LdapContext ctx) {
+        //存储更多的LDAP元信息
+        Map<String, Object> ldapAttrsInfo = new HashMap<>();
         String userDN = "";
+        ldapAttrsInfo.clear();
         try {
             SearchControls constraints = new SearchControls();
             constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
             String filter = "(&(objectClass=*)("+ldapFilter+"=" + account + "))";
 
             NamingEnumeration<SearchResult> en = ctx.search("", filter, constraints);
             if (en == null || !en.hasMoreElements()) {
-                return "";
+                return null;
             }
             // maybe more than one element
             while (en.hasMoreElements()) {
@@ -78,13 +84,25 @@ private String getUserDN(String account, LdapContext ctx) {
                     SearchResult si = (SearchResult) obj;
                     userDN += si.getName();
                     userDN += "," + ldapBasedn;
+                    //携带LDAP更多元信息以填充用户元信息
+                    ldapAttrsInfo.put("userDN", userDN);
+                    ldapAttrsInfo.put("sAMAccountName",
+                            SplitUtils.keyValueSplit(si.getAttributes().get("samaccountname").toString()));
+                    ldapAttrsInfo.put("department",
+                            SplitUtils.keyValueSplit(si.getAttributes().get("department").toString()));
+                    ldapAttrsInfo.put("company",
+                            SplitUtils.keyValueSplit(si.getAttributes().get("company").toString()));
+                    ldapAttrsInfo.put("displayName",
+                            SplitUtils.keyValueSplit(si.getAttributes().get("displayname").toString()));
+                    ldapAttrsInfo.put("mail",
+                            SplitUtils.keyValueSplit(si.getAttributes().get("mail").toString()));
                     break;
                 }
             }
         } catch (Exception e) {
             LOGGER.error("class=LdapAuthentication||method=getUserDN||account={}||errMsg={}", account, e);
         }
-        return userDN;
+        return ldapAttrsInfo;
     }
 
     /**
@@ -93,23 +111,23 @@ private String getUserDN(String account, LdapContext ctx) {
      * @param password
      * @return
      */
-    public boolean authenticate(String account, String password) {
+    public Map<String, Object> authenticate(String account, String password) {
         LdapContext ctx = getLdapContext();
         if (ValidateUtils.isNull(ctx)) {
-            return false;
+            return null;
         }
 
         try {
-            String userDN = getUserDN(account, ctx);
-            if(ValidateUtils.isBlank(userDN)){
-                return false;
+            Map<String, Object> ldapAttrsInfo = getLdapAttrsInfo(account, ctx);
+            if(ValidateUtils.isNull(ldapAttrsInfo)){
+                return null;
             }
 
-            ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, userDN);
+            ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, ldapAttrsInfo.get("userDN").toString());
             ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, password);
             ctx.reconnect(null);
 
-            return true;
+            return ldapAttrsInfo;
         } catch (AuthenticationException  e) {
             LOGGER.warn("class=LdapAuthentication||method=authenticate||account={}||errMsg={}", account, e);
         } catch (NamingException e) {
@@ -125,6 +143,6 @@ public boolean authenticate(String account, String password) {
                 }
             }
         }
-        return false;
+        return null;
     }
 }

kafka-manager-extends/kafka-manager-account/src/main/java/com/xiaojukeji/kafka/manager/account/component/sso/BaseSessionSignOn.java

@@ -17,6 +17,7 @@
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import java.util.Map;
 
 /**
  * @author zengqiao
@@ -47,27 +48,36 @@ public Result<String> loginAndGetLdap(HttpServletRequest request, HttpServletRes
         if (ValidateUtils.isBlank(dto.getUsername()) || ValidateUtils.isNull(dto.getPassword())) {
             return Result.buildFailure("Missing parameters");
         }
-
-        Result<AccountDO> accountResult = accountService.getAccountDO(dto.getUsername());
+        //先创建空对象，看是在LDAP去做填充，还是直接查表填充
+        Result<AccountDO> accountResult;
 
         //判断是否激活了LDAP验证, 若激活则也可使用ldap进行认证
         if(!ValidateUtils.isNull(accountLdapEnabled) && accountLdapEnabled){
             //去LDAP验证账密
-            if(!ldapAuthentication.authenticate(dto.getUsername(),dto.getPassword())){
+            Map<String, Object> ldapAttrsInfo = ldapAuthentication.authenticate(dto.getUsername(),dto.getPassword());;
+            if(ValidateUtils.isNull(ldapAttrsInfo)){
                 return Result.buildFrom(ResultStatus.LDAP_AUTHENTICATION_FAILED);
             }
+            //LDAP验证通过，拿LDAP的sAMAccountName替换dto对象的值，便于第一次自动注册采用LDAP值，并且第二次也避免REPLACE
+            dto.setUsername(ldapAttrsInfo.get("sAMAccountName").toString());
+            accountResult = accountService.getAccountDO(dto.getUsername());
 
             if((ValidateUtils.isNull(accountResult) || ValidateUtils.isNull(accountResult.getData())) && authUserRegistration){
                 //自动注册
                 AccountDO accountDO = new AccountDO();
                 accountDO.setUsername(dto.getUsername());
                 accountDO.setRole(AccountRoleEnum.getUserRoleEnum(authUserRegistrationRole).getRole());
                 accountDO.setPassword(dto.getPassword());
+                accountDO.setDisplayName(ldapAttrsInfo.get("displayName").toString());
+                accountDO.setDepartment(ldapAttrsInfo.get("department").toString());
+                accountDO.setMail(ldapAttrsInfo.get("mail").toString());
                 accountService.createAccount(accountDO);
             }
 
             return Result.buildSuc(dto.getUsername());
         }
+        //不走LDAP认证直接查表填充
+        accountResult = accountService.getAccountDO(dto.getUsername());
 
         if (ValidateUtils.isNull(accountResult) || accountResult.failed()) {
             return new Result<>(accountResult.getCode(), accountResult.getMessage());

kafka-manager-web/src/main/java/com/xiaojukeji/kafka/manager/web/converters/AccountConverter.java

@@ -18,6 +18,9 @@ public static AccountDO convert2AccountDO(AccountDTO dto) {
         accountDO.setUsername(dto.getUsername());
         accountDO.setPassword(dto.getPassword());
         accountDO.setRole(dto.getRole());
+        accountDO.setDepartment(dto.getDepartment());
+        accountDO.setMail(dto.getMail());
+        accountDO.setDisplayName(dto.getDisplayName());
         return accountDO;
     }