单点登录支持ad认证和平台用户认证

33944ab7 · huangkp · 8fb67f02 · 33944ab7 · 33944ab7
Commit 33944ab7 authored Mar 30, 2021 by huangkp
Showing with 34 additions and 20 deletions

RESTAuthenticationSuccessHandler.java ...eymobile/proxy/conf/RESTAuthenticationSuccessHandler.java +1 -3

SecurityConfig.java src/main/java/com/keymobile/proxy/conf/SecurityConfig.java +33 -17

No files found.
--- a/src/main/java/com/keymobile/proxy/conf/RESTAuthenticationSuccessHandler.java
+++ b/src/main/java/com/keymobile/proxy/conf/RESTAuthenticationSuccessHandler.java
@@ -50,9 +50,7 @@ public class RESTAuthenticationSuccessHandler extends SimpleUrlAuthenticationSuc
        		&& !rootAllowLogin) 
        	returnStatus = "root not allow login";
-        if (StringUtils.equals(returnStatus, "ok")) {
+        LogManager.logInfo(Constants.LOG_AUTH_LOGIN_API, "登录", null);
-            LogManager.logInfo(Constants.LOG_AUTH_LOGIN_API, "登录", null);
-        }
        response.sendRedirect("/go");
        PrintWriter writer = response.getWriter();

--- a/src/main/java/com/keymobile/proxy/conf/SecurityConfig.java
+++ b/src/main/java/com/keymobile/proxy/conf/SecurityConfig.java
@@ -3,9 +3,11 @@ package com.keymobile.proxy.conf;
 import com.keymobile.proxy.api.Constants;
 import com.keymobile.proxy.service.PortalService;
 import com.keymobile.proxy.util.Des;
+import org.apache.commons.lang.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
@@ -37,6 +39,12 @@ import java.util.Properties;
 @Configuration
 public class SecurityConfig extends WebSecurityConfigurerAdapter {
+    @Value("${ad-authenticate.domain}")
+    private String authDomain;
+    @Value("${ad-authenticate.provider-url}")
+    private String providerUrl;
    private Logger logger = LoggerFactory.getLogger(SecurityConfig.class);
    private static final String usersQuery = "select concat(user_id, ':', id, ':', disname, ':', org_no), `password`, true  from p_user where user_id = ? and `status` = '1'";
@@ -67,6 +75,9 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    private PortalService portalService;
+    @Value("${auth-login.adAuth}")
+    private Boolean authAdLogin;
    @Autowired
    public void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.jdbcAuthentication().usersByUsernameQuery(usersQuery).authoritiesByUsernameQuery(rolesQuery)
@@ -102,12 +113,14 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
                    httpServletResponse.sendError(500,"sso login url missing request param");
                    return null;
                }
-                Des des = new Des();
+                if (authAdLogin) {
-                String pwd = des.strDec(portal_password, key);
+                    Des des = new Des();
-                logger.info("sso login param->userName:"+username+" pwd:"+pwd);
+                    String pwd = des.strDec(portal_password, key);
-                if(!authenticate(username,pwd)){
+                    logger.info("sso login param->userName:"+username+" pwd:"+pwd);
-                    httpServletResponse.sendError(500,CallBack+"({'query':{'results':{'postresult':'portal_ssologin_fali'}}});");
+                    if(!authenticate(username,pwd)){
-                    return null;
+                        httpServletResponse.sendError(500,CallBack+"({'query':{'results':{'postresult':'portal_ssologin_fali'}}});");
+                        return null;
+                    }
                }
                httpServletRequest.getSession().setAttribute("ssoLogin",CallBack+"({'query':{'results':{'postresult':'portal_ssologin_succeed'}}});");
                com.keymobile.proxy.model.User user = portalService.getUserByUserId(username);
@@ -116,6 +129,13 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
                    httpServletResponse.sendError(500,CallBack+"({'query':{'results':{'postresult':'portal_ssologin_fali'}}});");
                    return null;
                }
+                if (! authAdLogin) {
+                    if (! StringUtils.equals(user.getPassword(), portal_password)) {
+                        logger.error(username + " password:" + portal_password + " is error");
+                        httpServletResponse.sendError(500,CallBack+"({'query':{'results':{'postresult':'portal_ssologin_fali'}}});");
+                        return null;
+                    }
+                }
                List<GrantedAuthority> authorities = new ArrayList<>();
                String userName = user.getUserId() + ":" + user.getId() + ":" + user.getDisname() + ":" + user.getOrgNo();
                List<String> authors = portalService.getByUserId(username);
@@ -133,46 +153,42 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
        return authenticationFilter;
    }
    /**
     * 验证用户登录
     *
-     * @param userName
+     * @param userID
     *            String  用户名格式为  username或者username@hntobacco.com
    湖南内网的domain必须是@hntobacco.com,不是hnyc.com
     * @param password
     *            String
     * @return boolean
     */
-    public boolean authenticate(String userName, String password) {
+    public boolean authenticate(String userID, String password) {
        if (password != null && !"".equals(password.trim())) {
            DirContext ctx1;
            try {
-                String domain = "@hntobacco.com";
+                String domain = "@" + authDomain;
                Properties ldapEnv = new Properties();
                ldapEnv.put(Context.INITIAL_CONTEXT_FACTORY,
                        "com.sun.jndi.ldap.LdapCtxFactory");
-                ldapEnv.put(Context.PROVIDER_URL, "ldap://hntobacco.com:389");//服务器必须配置DNS，否则无法解析hntobacc.com
+                ldapEnv.put(Context.PROVIDER_URL, providerUrl);//服务器必须配置DNS，否则无法解析hntobacc.com
                ldapEnv.put(Context.SECURITY_AUTHENTICATION, "simple");
-                String user = userName.indexOf(domain) > 0 ? userName : userName
+                String user = userID.indexOf(domain) > 0 ? userID : userID
                        + domain;
                ldapEnv.put(Context.SECURITY_PRINCIPAL, user);
                ldapEnv.put(Context.SECURITY_CREDENTIALS, password);
                ctx1 = new InitialDirContext(ldapEnv);
                ctx1.close();
-                logger.info("登录验证成功！");
                return true;
-            } catch (javax.naming.AuthenticationException e) {
+            } catch (AuthenticationException e) {
-                logger.info("登录失败！"+e.getLocalizedMessage());
+                System.out.println("登录失败！");
                e.printStackTrace();
                return false;
            } catch (NamingException e) {
-                logger.info("登录失败！"+e.getLocalizedMessage());
                e.printStackTrace();
                return false;
            }
        } else {
-            logger.info("登录验证失败！");
            return false;
        }
    }