Commit 33944ab7 by huangkp

单点登录支持ad认证和平台用户认证

parent 8fb67f02
......@@ -50,9 +50,7 @@ public class RESTAuthenticationSuccessHandler extends SimpleUrlAuthenticationSuc
&& !rootAllowLogin)
returnStatus = "root not allow login";
if (StringUtils.equals(returnStatus, "ok")) {
LogManager.logInfo(Constants.LOG_AUTH_LOGIN_API, "登录", null);
}
LogManager.logInfo(Constants.LOG_AUTH_LOGIN_API, "登录", null);
response.sendRedirect("/go");
PrintWriter writer = response.getWriter();
......
......@@ -3,9 +3,11 @@ package com.keymobile.proxy.conf;
import com.keymobile.proxy.api.Constants;
import com.keymobile.proxy.service.PortalService;
import com.keymobile.proxy.util.Des;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
......@@ -37,6 +39,12 @@ import java.util.Properties;
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Value("${ad-authenticate.domain}")
private String authDomain;
@Value("${ad-authenticate.provider-url}")
private String providerUrl;
private Logger logger = LoggerFactory.getLogger(SecurityConfig.class);
private static final String usersQuery = "select concat(user_id, ':', id, ':', disname, ':', org_no), `password`, true from p_user where user_id = ? and `status` = '1'";
......@@ -67,6 +75,9 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private PortalService portalService;
@Value("${auth-login.adAuth}")
private Boolean authAdLogin;
@Autowired
public void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.jdbcAuthentication().usersByUsernameQuery(usersQuery).authoritiesByUsernameQuery(rolesQuery)
......@@ -102,12 +113,14 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
httpServletResponse.sendError(500,"sso login url missing request param");
return null;
}
Des des = new Des();
String pwd = des.strDec(portal_password, key);
logger.info("sso login param->userName:"+username+" pwd:"+pwd);
if(!authenticate(username,pwd)){
httpServletResponse.sendError(500,CallBack+"({'query':{'results':{'postresult':'portal_ssologin_fali'}}});");
return null;
if (authAdLogin) {
Des des = new Des();
String pwd = des.strDec(portal_password, key);
logger.info("sso login param->userName:"+username+" pwd:"+pwd);
if(!authenticate(username,pwd)){
httpServletResponse.sendError(500,CallBack+"({'query':{'results':{'postresult':'portal_ssologin_fali'}}});");
return null;
}
}
httpServletRequest.getSession().setAttribute("ssoLogin",CallBack+"({'query':{'results':{'postresult':'portal_ssologin_succeed'}}});");
com.keymobile.proxy.model.User user = portalService.getUserByUserId(username);
......@@ -116,6 +129,13 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
httpServletResponse.sendError(500,CallBack+"({'query':{'results':{'postresult':'portal_ssologin_fali'}}});");
return null;
}
if (! authAdLogin) {
if (! StringUtils.equals(user.getPassword(), portal_password)) {
logger.error(username + " password:" + portal_password + " is error");
httpServletResponse.sendError(500,CallBack+"({'query':{'results':{'postresult':'portal_ssologin_fali'}}});");
return null;
}
}
List<GrantedAuthority> authorities = new ArrayList<>();
String userName = user.getUserId() + ":" + user.getId() + ":" + user.getDisname() + ":" + user.getOrgNo();
List<String> authors = portalService.getByUserId(username);
......@@ -133,46 +153,42 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
return authenticationFilter;
}
/**
* 验证用户登录
*
* @param userName
* @param userID
* String 用户名格式为 username或者username@hntobacco.com
湖南内网的domain必须是@hntobacco.com,不是hnyc.com
* @param password
* String
* @return boolean
*/
public boolean authenticate(String userName, String password) {
public boolean authenticate(String userID, String password) {
if (password != null && !"".equals(password.trim())) {
DirContext ctx1;
try {
String domain = "@hntobacco.com";
String domain = "@" + authDomain;
Properties ldapEnv = new Properties();
ldapEnv.put(Context.INITIAL_CONTEXT_FACTORY,
"com.sun.jndi.ldap.LdapCtxFactory");
ldapEnv.put(Context.PROVIDER_URL, "ldap://hntobacco.com:389");//服务器必须配置DNS,否则无法解析hntobacc.com
ldapEnv.put(Context.PROVIDER_URL, providerUrl);//服务器必须配置DNS,否则无法解析hntobacc.com
ldapEnv.put(Context.SECURITY_AUTHENTICATION, "simple");
String user = userName.indexOf(domain) > 0 ? userName : userName
String user = userID.indexOf(domain) > 0 ? userID : userID
+ domain;
ldapEnv.put(Context.SECURITY_PRINCIPAL, user);
ldapEnv.put(Context.SECURITY_CREDENTIALS, password);
ctx1 = new InitialDirContext(ldapEnv);
ctx1.close();
logger.info("登录验证成功!");
return true;
} catch (javax.naming.AuthenticationException e) {
logger.info("登录失败!"+e.getLocalizedMessage());
} catch (AuthenticationException e) {
System.out.println("登录失败!");
e.printStackTrace();
return false;
} catch (NamingException e) {
logger.info("登录失败!"+e.getLocalizedMessage());
e.printStackTrace();
return false;
}
} else {
logger.info("登录验证失败!");
return false;
}
}
......
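Review bot: Both new branches of the SSO login filter write the user's credential to the application log: `logger.info("sso login param->userName:"+username+" pwd:"+pwd);` in the `authAdLogin` branch logs the DES-decrypted password, and `logger.error(username + " password:" + portal_password + " is error");` in the platform branch logs the submitted password on every failed attempt. Credentials belong in neither an info nor an error log; log only the identity, e.g. `logger.info("sso login param->userName:{}", username);` and `logger.error("{}: password mismatch", username);`. Separately, the platform branch compares `user.getPassword()` with `portal_password` by plain string equality, which presumes `p_user.password` holds exactly the representation the client sends; if that column is hashed (the jdbcAuthentication path reads the same column), the check should go through the configured password encoder rather than `StringUtils.equals`, and a constant-time comparison is preferable either way. The enclosing filter method starts and ends outside the visible hunk.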