xxl-job接入ldap

修改代码

xxl-job-admin/pom.xml

<!-- Spring LDAP: supplies the LdapTemplate / LdapContextSource classes that LdapConfig wires up. -->
<!-- NOTE(review): the version is pinned here by hand; check it against the Spring Boot BOM used by
     xxl-job-admin and against current security advisories before copying it - TODO confirm. -->
<dependency>
<groupId>org.springframework.ldap</groupId>
<artifactId>spring-ldap-core</artifactId>
<version>2.3.4.RELEASE</version>
</dependency>

<!-- NOTE(review): no Lombok annotation appears in the classes shown on this page; keep this
     dependency only if other code needs it, to avoid widening the build's dependency surface. -->
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
</dependency>

xxl-job-admin/src/main/java/com/xxl/job/admin/core/conf/LdapConfig.java

package com.xxl.job.admin.core.conf;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.core.support.LdapContextSource;

import java.util.HashMap;
import java.util.Map;

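/**
 * Spring configuration that builds the LDAP connection used by the admin console login.
 *
 * <p>Reads three properties: {@code ldap.url} (server URL), {@code ldap.admin} (bind DN of the
 * service account used for searches) and {@code ldap.passwd} (that account's password).
 *
 * <p>Security notes:
 * <ul>
 *   <li>The sample properties on this page use an {@code ldap://} URL on port 389. With that
 *       scheme, and unless StartTLS is configured separately, the service-account password and
 *       every user password sent for a bind cross the network unencrypted. Prefer an
 *       {@code ldaps://} URL with a certificate the JVM trusts.</li>
 *   <li>The bind account only needs to search user entries; give it read-only access.</li>
 * </ul>
 *
 * @Author YYT
 * @Date 2021/11/8 18:56
 **/
@Configuration
public class LdapConfig {

    /** LDAP server URL, from {@code ldap.url}. */
    @Value("${ldap.url}")
    private String ldapUrl;

    /** Bind DN of the service account, from {@code ldap.admin}. */
    @Value("${ldap.admin}")
    private String ldapAdmin;

    /** Password of the service account, from {@code ldap.passwd}; never log this value. */
    @Value("${ldap.passwd}")
    private String ldapPasswd;

    /**
     * Creates the context source that opens connections with the configured URL and credentials.
     *
     * @return a pooled {@link LdapContextSource}
     */
    @Bean
    public LdapContextSource contextSource() {
        LdapContextSource contextSource = new LdapContextSource();
        contextSource.setUrl(ldapUrl);
        contextSource.setUserDn(ldapAdmin);
        contextSource.setPassword(ldapPasswd);
        contextSource.setPooled(true);

        // Ask the JNDI provider to return objectGUID as raw bytes instead of decoding it as text.
        Map<String, Object> environment = new HashMap<>();
        environment.put("java.naming.ldap.attributes.binary", "objectGUID");
        contextSource.setBaseEnvironmentProperties(environment);
        return contextSource;
    }

    /**
     * Exposes an {@link LdapTemplate} bound to {@link #contextSource()}.
     *
     * <p>Spring already keeps {@code @Bean} results as singletons, so no hand-written caching
     * field is needed here.
     *
     * @return the template used by the LDAP user service
     */
    @Bean
    public LdapTemplate ldapTemplate() {
        return new LdapTemplate(contextSource());
    }

}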

xxl-job-admin/src/main/java/com/xxl/job/admin/service/LdapUserService.java

package com.xxl.job.admin.service;

public interface LdapUserService {

/**
* Reports whether the directory holds a user entry for the given login name.
*
* NOTE(review): despite the method name, the implementation shown on this page matches the
* value against the cn attribute, not uid. The value comes from the login form before any
* authentication has happened, so implementations must escape it before placing it in an
* LDAP search filter.
*
* @param uid login name typed by the user
* @return true when at least one matching entry is found
*/
boolean existByUid(String uid);


/**
* Verifies a user's password against LDAP.
*
* Callers and implementations should reject an empty password: many directory servers treat
* a simple bind with an empty password as an anonymous bind and report success.
*
* @param username login name typed by the user
* @param password password typed by the user
* @return true when the directory accepts the credentials
*/
boolean verify(String username, String password);
}

xxl-job-admin/src/main/java/com/xxl/job/admin/service/impl/LdapUserServiceImpl.java

package com.xxl.job.admin.service.impl;

import com.xxl.job.admin.service.LdapUserService;
import org.apache.commons.collections.CollectionUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.ldap.LdapProperties;
import org.springframework.ldap.core.AttributesMapper;
import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.filter.AndFilter;
import org.springframework.ldap.filter.EqualsFilter;
import org.springframework.stereotype.Service;

import javax.naming.directory.Attributes;
import java.util.List;

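/**
 * LDAP-backed implementation of {@link LdapUserService}.
 *
 * <p>Both methods receive the login name straight from the login form, before any authentication
 * has happened. The search filter is therefore always built with Spring LDAP's filter classes,
 * which escape filter metacharacters in the value, and never by string concatenation.
 *
 * @Author YYT
 * @Date 2021/11/8 19:07
 **/
@Service
public class LdapUserServiceImpl implements LdapUserService {

    /**
     * Search base for user entries. This value is specific to the author's directory; adapt it
     * (or move it to configuration) for any other deployment.
     */
    private static final String USER_SEARCH_BASE = "ou=all,dc=nbugs,dc=com";

    // Injected through the constructor; none of the methods shown here read it.
    private final LdapProperties ldapProperties;

    @Autowired
    private LdapTemplate ldapTemplate;

    public LdapUserServiceImpl(final LdapProperties ldapProperties) {
        this.ldapProperties = ldapProperties;
    }

    /** Maps a search hit to its {@code uid} attribute; only the presence of a hit is used. */
    private static final class UserAttributesMapper implements AttributesMapper<Object> {
        @Override
        public Object mapFromAttributes(Attributes attributes) throws org.springframework.ldap.NamingException {
            return attributes.get("uid");
        }
    }

    /**
     * Builds the filter {@code (&(objectclass=inetOrgPerson)(cn=<login>))} with the login value
     * escaped, so characters such as {@code *}, {@code (} and {@code )} cannot change the
     * structure of the query.
     *
     * @param login login name typed by the user
     * @return the encoded LDAP filter string
     */
    private static String userFilter(String login) {
        AndFilter filter = new AndFilter();
        filter.and(new EqualsFilter("objectclass", "inetOrgPerson"))
                .and(new EqualsFilter("cn", login));
        return filter.encode();
    }

    /**
     * Reports whether an {@code inetOrgPerson} entry whose {@code cn} equals {@code uid} exists
     * under the user search base.
     *
     * @param uid login name typed by the user; {@code null} or empty yields {@code false}
     * @return {@code true} when the search returns at least one entry
     */
    @Override
    public boolean existByUid(String uid) {
        if (uid == null || uid.isEmpty()) {
            return false;
        }
        List<Object> matches = ldapTemplate.search(USER_SEARCH_BASE, userFilter(uid), new UserAttributesMapper());
        return matches != null && !matches.isEmpty();
    }


    /**
     * Checks the password by asking the directory to authenticate the entry that matches
     * {@code username}.
     *
     * <p>Empty credentials are refused here as well as in the login service: many directory
     * servers answer a simple bind with an empty password as a successful anonymous bind.
     *
     * @param username login name typed by the user
     * @param password password typed by the user
     * @return {@code true} when the directory accepts the credentials
     */
    @Override
    public boolean verify(String username, String password) {
        if (username == null || username.isEmpty() || password == null || password.isEmpty()) {
            return false;
        }
        return ldapTemplate.authenticate(USER_SEARCH_BASE, userFilter(username), password);
    }
}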

xxl-job-admin/src/main/java/com/xxl/job/admin/service/LoginService.java

package com.xxl.job.admin.service;

import com.xxl.job.admin.core.model.XxlJobUser;
import com.xxl.job.admin.core.util.CookieUtil;
import com.xxl.job.admin.core.util.I18nUtil;
import com.xxl.job.admin.core.util.JacksonUtil;
import com.xxl.job.admin.dao.XxlJobUserDao;
import com.xxl.job.core.biz.model.ReturnT;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.util.DigestUtils;

import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;

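/**
 * Login, logout and cookie-based session lookup for the admin console, extended so that accounts
 * found in LDAP are authenticated by the directory instead of the local password digest.
 *
 * <p>Security notes:
 * <ul>
 *   <li>The login cookie is a hex encoding of the JSON-serialised user record. It is neither
 *       signed nor encrypted, and {@link #ifLogin} accepts it when its {@code password} field
 *       equals the value stored for that user. The stored value is therefore the only secret
 *       protecting a session and must never be a fixed, known constant.</li>
 *   <li>{@link #ifLogin} consults only the local user table. A user removed from LDAP keeps a
 *       working cookie until the local row is deleted or its stored value is rotated.</li>
 *   <li>Local passwords are compared as unsalted MD5 digests. Moving to bcrypt/scrypt/argon2
 *       needs a data migration and is outside the scope of this class.</li>
 * </ul>
 *
 * @author xuxueli 2019-05-04 22:13:264
 */
@Configuration
public class LoginService {

    public static final String LOGIN_IDENTITY_KEY = "XXL_JOB_LOGIN_IDENTITY";

    /** Source of the random stored values given to accounts that authenticate through LDAP. */
    private static final SecureRandom SECURE_RANDOM = new SecureRandom();

    @Resource
    private XxlJobUserDao xxlJobUserDao;

    @Autowired
    private LdapUserService ldapUserService;


    /** Serialises the user record to JSON and hex-encodes it for use as the cookie value. */
    private String makeToken(XxlJobUser xxlJobUser){
        String tokenJson = JacksonUtil.writeValueAsString(xxlJobUser);
        String tokenHex = new BigInteger(tokenJson.getBytes()).toString(16);
        return tokenHex;
    }

    /** Reverses {@link #makeToken}; returns {@code null} when no token is supplied. */
    private XxlJobUser parseToken(String tokenHex){
        XxlJobUser xxlJobUser = null;
        if (tokenHex != null) {
            String tokenJson = new String(new BigInteger(tokenHex, 16).toByteArray());      // username_password(md5)
            xxlJobUser = JacksonUtil.readValue(tokenJson, XxlJobUser.class);
        }
        return xxlJobUser;
    }

    /**
     * Generates the stored "password" for an account that authenticates through LDAP.
     *
     * <p>The value is 128 random bits rendered as 32 hex characters, the same shape as the MD5
     * hex digests stored for local accounts. It is never used to check a typed password; it only
     * has to be unpredictable, because the login cookie is validated against it.
     */
    private static String newUnguessablePassword() {
        byte[] random = new byte[16];
        SECURE_RANDOM.nextBytes(random);
        StringBuilder hex = new StringBuilder(random.length * 2);
        for (byte b : random) {
            hex.append(String.format("%02x", b));
        }
        return hex.toString();
    }

    /** Null-safe comparison whose running time does not depend on where the values differ. */
    private static boolean constantTimeEquals(String left, String right) {
        if (left == null || right == null) {
            return false;
        }
        return MessageDigest.isEqual(
                left.getBytes(StandardCharsets.UTF_8), right.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Authenticates a user and, on success, sets the login cookie.
     *
     * <p>If the directory knows the login name, the password is verified by LDAP and a local
     * user row is created on first login. Otherwise the local MD5 digest is checked.
     *
     * @param request    current request (unused here)
     * @param response   response that receives the login cookie
     * @param username   login name typed by the user
     * @param password   password typed by the user
     * @param ifRemember passed through to {@code CookieUtil.set}
     * @return {@code ReturnT.SUCCESS}, or a 500 result with a localized message
     */
    public ReturnT<String> login(HttpServletRequest request, HttpServletResponse response, String username, String password, boolean ifRemember) {

        // Refuse blank credentials before contacting LDAP: many directory servers treat a simple
        // bind with an empty password as a successful anonymous bind.
        if (username == null || username.trim().length() == 0 || password == null || password.trim().length() == 0) {
            return new ReturnT<String>(500, I18nUtil.getString("login_param_empty"));
        }

        XxlJobUser xxlJobUser = xxlJobUserDao.loadByUserName(username);

        // NOTE(review): a directory outage presumably surfaces here as an exception and would
        // then block local accounts as well - confirm and decide on the desired behaviour.
        boolean isLdapUser = ldapUserService.existByUid(username);
        if (isLdapUser) {
            if (!ldapUserService.verify(username, password)) {
                return new ReturnT<String>(500, I18nUtil.getString("login_param_unvalid"));
            }
            if (xxlJobUser == null) {
                xxlJobUser = new XxlJobUser();
                // Not a login password. It must still be random per user, because the cookie
                // check in ifLogin() compares against it. Rows created earlier with a fixed
                // placeholder value should be rotated to a random one.
                xxlJobUser.setPassword(newUnguessablePassword());
                xxlJobUser.setUsername(username);
                xxlJobUserDao.save(xxlJobUser);
            }
        } else {
            // Local account: compare the MD5 digest of the typed password with the stored one.
            if (xxlJobUser == null) {
                return new ReturnT<String>(500, I18nUtil.getString("login_param_unvalid"));
            }
            // getBytes() is left on the platform charset so digests stored earlier still match.
            String passwordMd5 = DigestUtils.md5DigestAsHex(password.getBytes());
            if (!constantTimeEquals(passwordMd5, xxlJobUser.getPassword())) {
                return new ReturnT<String>(500, I18nUtil.getString("login_param_unvalid"));
            }
        }

        String loginToken = makeToken(xxlJobUser);

        // do login
        CookieUtil.set(response, LOGIN_IDENTITY_KEY, loginToken, ifRemember);
        return ReturnT.SUCCESS;
    }

    /**
     * Logs the user out by removing the login cookie.
     *
     * @param request  current request
     * @param response response on which the cookie is cleared
     * @return {@code ReturnT.SUCCESS}
     */
    public ReturnT<String> logout(HttpServletRequest request, HttpServletResponse response){
        CookieUtil.remove(request, response, LOGIN_IDENTITY_KEY);
        return ReturnT.SUCCESS;
    }

    /**
     * Resolves the logged-in user from the login cookie.
     *
     * <p>The cookie content is supplied by the client, so every field read from it is treated as
     * untrusted: missing fields are rejected rather than dereferenced, and the credential value
     * is compared in constant time.
     *
     * @param request  current request carrying the cookie
     * @param response response used to clear the cookie when it cannot be parsed
     * @return the user row from the database, or {@code null} when the cookie is absent,
     *         unparsable, or does not match the stored value
     */
    public XxlJobUser ifLogin(HttpServletRequest request, HttpServletResponse response){
        String cookieToken = CookieUtil.getValue(request, LOGIN_IDENTITY_KEY);
        if (cookieToken == null) {
            return null;
        }

        XxlJobUser cookieUser = null;
        try {
            cookieUser = parseToken(cookieToken);
        } catch (Exception e) {
            // An unparsable cookie is dropped and the request is treated as anonymous.
            logout(request, response);
        }
        if (cookieUser == null || cookieUser.getUsername() == null) {
            return null;
        }

        XxlJobUser dbUser = xxlJobUserDao.loadByUserName(cookieUser.getUsername());
        if (dbUser != null && constantTimeEquals(cookieUser.getPassword(), dbUser.getPassword())) {
            return dbUser;
        }
        return null;
    }
}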

xxl-job-admin/src/main/resources/application-xxx.properties

# LDAP server URL. ldap:// on port 389 is unencrypted: unless StartTLS is configured, the bind
# password below and every user password sent for a login bind travel in cleartext.
# Prefer an ldaps:// URL with a certificate the JVM trusts.
ldap.url=ldap://xxxxxx:389
# Bind DN of the service account used for user searches (left blank in this sample).
# Use a dedicated read-only account.
ldap.admin=
# Password of the service account (left blank in this sample). Keep the real value out of
# version control; supply it through the environment or a secret store.
ldap.passwd=