ldap账号登录设置默认角色和新增白名单校验

b7a61c96 · xieshaohua · 197e182c · b7a61c96 · b7a61c96 · b7a61c96
Commit b7a61c96 authored Apr 18, 2025 by xieshaohua
5 changed files
--- a/src/main/java/com/keymobile/login/api/ADApi.java
+++ b/src/main/java/com/keymobile/login/api/ADApi.java
 package com.keymobile.login.api;
 import com.keymobile.login.persistence.model.LdapInfo;
+import com.keymobile.login.persistence.model.LdapWhiteList;
 import com.keymobile.login.service.ADService;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
@@ -219,4 +220,25 @@ public class ADApi {
    }
+    @ApiOperation(value = "保存ldap白名单")
+    @PostMapping(value = "/saveWhiteList")
+    public LdapWhiteList saveWhiteList(@RequestBody LdapWhiteList whiteList) {
+        return adService.saveWhiteList(whiteList);
+    }
+    @ApiOperation(value = "删除ldap白名单")
+    @DeleteMapping(value = "/deleteWhiteList")
+    public void deleteWhiteList(@RequestParam(required = false) String username) {
+        adService.deleteWhiteList(username);
+    }
+    @ApiOperation(value = "获取ldap白名单")
+    @DeleteMapping(value = "/listWhiteList")
+    public List<LdapWhiteList> listWhiteList() {
+        return adService.listWhiteList();
+    }
 }
--- a/src/main/java/com/keymobile/login/persistence/LdapWhiteListRepository.java
+++ b/src/main/java/com/keymobile/login/persistence/LdapWhiteListRepository.java
+package com.keymobile.login.persistence;
+import com.keymobile.login.persistence.model.LdapWhiteList;
+import org.springframework.data.repository.CrudRepository;
+import javax.transaction.Transactional;
+@Transactional
+public interface LdapWhiteListRepository extends CrudRepository<LdapWhiteList, String> {
+}
--- a/src/main/java/com/keymobile/login/persistence/model/LdapWhiteList.java
+++ b/src/main/java/com/keymobile/login/persistence/model/LdapWhiteList.java
+package com.keymobile.login.persistence.model;
+import javax.persistence.Column;
+import javax.persistence.Entity;
+import javax.persistence.Id;
+import javax.persistence.Table;
+/**
+ * @author xiesh
+ * @version 1.0.0
+ * @date 2024/4/26
+ * @desc
+ */
+@Entity
+@Table(name = "sso_ldap_white_list")
+public class LdapWhiteList {
+    @Id
+    @Column(name = "USER_NAME", nullable = false)
+    private String username;
+    @Column(name = "DNAME")
+    private String dname;
+    public String getUsername() {
+        return username;
+    }
+    public void setUsername(String username) {
+        this.username = username;
+    }
+}
--- a/src/main/java/com/keymobile/login/service/ADService.java
+++ b/src/main/java/com/keymobile/login/service/ADService.java
 package com.keymobile.login.service;
 import com.keymobile.login.persistence.model.LdapInfo;
-import org.springframework.web.bind.annotation.RequestBody;
+import com.keymobile.login.persistence.model.LdapWhiteList;
 import javax.servlet.http.HttpServletRequest;
+import java.util.List;
 /**
 * @author xiesh
@@ -24,4 +25,9 @@ public interface ADService {
    String login(HttpServletRequest request, String username, String password) ;
+    LdapWhiteList saveWhiteList(LdapWhiteList whiteList);
+    void deleteWhiteList(String username);
+    List<LdapWhiteList> listWhiteList();
 }
--- a/src/main/java/com/keymobile/login/service/impl/ADServiceImpl.java
+++ b/src/main/java/com/keymobile/login/service/impl/ADServiceImpl.java
@@ -8,7 +8,9 @@ import com.keymobile.login.exception.LdapException;
 import com.keymobile.login.logging.LogConstants;
 import com.keymobile.login.logging.LogManager;
 import com.keymobile.login.persistence.LdapInfoRepository;
+import com.keymobile.login.persistence.LdapWhiteListRepository;
 import com.keymobile.login.persistence.model.LdapInfo;
+import com.keymobile.login.persistence.model.LdapWhiteList;
 import com.keymobile.login.service.ADService;
 import com.keymobile.login.service.AuthRemoteService;
 import com.keymobile.login.util.AES;
@@ -17,6 +19,7 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.slf4j.MDC;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.core.userdetails.UserDetails;
@@ -46,6 +49,8 @@ public class ADServiceImpl implements ADService {
    @Autowired
    private LdapInfoRepository ldapInfoRepository;
+    @Autowired
+    private LdapWhiteListRepository ldapWhiteListRepository;
    private static final Logger logger = LoggerFactory.getLogger(ADApi.class);
    private static String DEFAULT_TIME_OUT = "5000";
@@ -63,6 +68,11 @@ public class ADServiceImpl implements ADService {
    public static final String LADP_CN = "cn";
+    @Value("${ad.defaultRoleId:2}")
+    private Long defaultRoleId;
+    @Value("${ad.limit:true")
+    private Boolean adLimit;
    @Override
    public LdapInfo saveLdapInfo(LdapInfo ldapInfo) {
@@ -132,6 +142,9 @@ public class ADServiceImpl implements ADService {
    @Override
    public String login(HttpServletRequest request, String username, String password) {
        String result = null;
+        if (!checkWhiteList(username)) {
+            return "用户无权访问";
+        }
        try {
            result = ldapAuthentication(username, password);
            if (StringUtils.equals(result, "ok")) {
@@ -143,8 +156,15 @@ public class ADServiceImpl implements ADService {
                    toAdd.put("dname", ldapUserInfo.get(LADP_CN) == null ? username : ldapUserInfo.get(LADP_CN));
                    //不能被匹配的加密字符
                    toAdd.put("password", "37fa265330ad83eaa879efb12312db6380896cf639");
-                    logger.info("新增用户：{}", toAdd);
+                    //添加默认角色
-                    authService.addUser(toAdd);
+                    List<Map<String, Object>> dataRoleAbstracts = new ArrayList<>();
+                    Map<String, Object> roleMap = new HashMap<>();
+                    roleMap.put("id", defaultRoleId);
+                    dataRoleAbstracts.add(roleMap);
+                    toAdd.put("dataRoleAbstracts", dataRoleAbstracts);
+                    Map<String,Object> addUser =  authService.addUser(toAdd);
+                    logger.info("新增用户：{}", addUser);
                }
                //设置用户session
                UserDetails userDetails = customizedUserDetailService.loadUserByUsername(username);
@@ -167,6 +187,26 @@ public class ADServiceImpl implements ADService {
        return result;
    }
+    @Override
+    public LdapWhiteList saveWhiteList(LdapWhiteList ldapWhiteList) {
+        return ldapWhiteListRepository.save(ldapWhiteList);
+    }
+    @Override
+    public void deleteWhiteList(String username) {
+        if (StringUtils.isNotBlank(username)) {
+            ldapWhiteListRepository.deleteById(username);
+        } else {
+            ldapWhiteListRepository.deleteAll();
+        }
+    }
+    @Override
+    public List<LdapWhiteList> listWhiteList() {
+        return (List<LdapWhiteList>)ldapWhiteListRepository.findAll();
+    }
    private Map<String, String> searchUserInfoByName(String searchName) throws Exception {
        LdapInfo ldapInfo = getLdapInfo();
@@ -242,5 +282,12 @@ public class ADServiceImpl implements ADService {
        return null;
    }
+    private Boolean checkWhiteList(String userName) {
+        if (!adLimit) {
+            return true;
+        }
+        return ldapWhiteListRepository.findById(userName).isPresent();
+    }
 }