This is an automated email from the ASF dual-hosted git repository.

benjobs pushed a commit to branch dev
in repository https://gitbox.apache.org/repos/asf/incubator-streampark.git


The following commit(s) were added to refs/heads/dev by this push:
     new 05fb93ce2 [Improve]Splitting ldap logic (#1836)
05fb93ce2 is described below

commit 05fb93ce2c57408fcb32c4dc46065f60d6a7858a
Author: monster <[email protected]>
AuthorDate: Tue Oct 18 11:13:01 2022 +0800

    [Improve]Splitting ldap logic (#1836)
    
    * [Improve]Splitting ldap logic
---
 .../system/controller/PassportController.java      | 64 +++++++++++--------
 .../console/system/security/Authenticator.java     |  5 +-
 .../console/system/security/SecurityConfig.java    | 74 ----------------------
 ...apAuthenticator.java => AuthenticatorImpl.java} | 55 +++++++++-------
 .../system/security/impl/ldap/LdapService.java     | 36 +++++++++--
 .../LdapUserNotExistActionType.java}               | 30 ++++-----
 .../security/impl/pwd/PasswordAuthenticator.java   | 43 -------------
 .../src/main/resources/application.yml             | 16 ++---
 8 files changed, 121 insertions(+), 202 deletions(-)

diff --git 
a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/controller/PassportController.java
 
b/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/controller/PassportController.java
index adca4c6df..feb86e09d 100644
--- 
a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/controller/PassportController.java
+++ 
b/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/controller/PassportController.java
@@ -67,39 +67,22 @@ public class PassportController {
     public RestResponse signin(
         @NotBlank(message = "{required}") String username,
         @NotBlank(message = "{required}") String password) throws Exception {
-
         if (StringUtils.isEmpty(username)) {
             return RestResponse.success().put("code", 0);
         }
-
         User user = authenticator.authenticate(username, password);
+        return login(username, password, user);
+    }
 
-        if (user == null) {
+    @PostMapping("ldapSignin")
+    public RestResponse ldapSignin(
+        @NotBlank(message = "{required}") String username,
+        @NotBlank(message = "{required}") String password) throws Exception {
+        if (StringUtils.isEmpty(username)) {
             return RestResponse.success().put("code", 0);
         }
-
-        if (User.STATUS_LOCK.equals(user.getStatus())) {
-            return RestResponse.success().put("code", 1);
-        }
-
-        userService.fillInTeam(user);
-
-        //no team.
-        if (user.getTeamId() == null) {
-            return RestResponse.success().data(user.getUserId()).put("code", 
ResponseCode.CODE_FORBIDDEN);
-        }
-
-        password = ShaHashUtils.encrypt(user.getSalt(), password);
-
-        this.userService.updateLoginTime(username);
-        String token = WebUtils.encryptToken(JWTUtil.sign(username, password));
-        LocalDateTime expireTime = 
LocalDateTime.now().plusSeconds(properties.getJwtTimeOut());
-        String expireTimeStr = DateUtils.formatFullTime(expireTime);
-        JWTToken jwtToken = new JWTToken(token, expireTimeStr);
-        String userId = RandomStringUtils.randomAlphanumeric(20);
-        user.setId(userId);
-        Map<String, Object> userInfo = this.generateUserInfo(jwtToken, user);
-        return new RestResponse().data(userInfo);
+        User user = authenticator.ldapAuthenticate(username, password);
+        return login(username, password, user);
     }
 
     @PostMapping("signout")
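Review bot: `ldapSignin` explicitly rejects only an empty username before calling `authenticator.ldapAuthenticate(username, password)`, so an empty password reaches `ldapService.ldapLogin` (body not in this diff) unless `@NotBlank` is actually enforced, which requires validation to be active on this controller and is not visible in the hunk. Many directory servers treat a simple bind with an empty password as an unauthenticated bind and report success, so the guard should cover both fields: `if (StringUtils.isEmpty(username) || StringUtils.isEmpty(password)) {`. The endpoint is also mapped unconditionally now that the `security.authentication.type` switch is removed; returning early when LDAP is not configured would be clearer than letting the call run with a null `ldap.urls`.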
@@ -131,4 +114,31 @@ public class PassportController {
         return userInfo;
     }
 
-}
+    private RestResponse login(String username, String password, User user) 
throws Exception {
+        if (user == null) {
+            return RestResponse.success().put("code", 0);
+        }
+
+        if (User.STATUS_LOCK.equals(user.getStatus())) {
+            return RestResponse.success().put("code", 1);
+        }
+
+        userService.fillInTeam(user);
+
+        //no team.
+        if (user.getTeamId() == null) {
+            return RestResponse.success().data(user.getUserId()).put("code", 
ResponseCode.CODE_FORBIDDEN);
+        }
+
+        password = ShaHashUtils.encrypt(user.getSalt(), password);
+
+        this.userService.updateLoginTime(username);
+        String token = WebUtils.encryptToken(JWTUtil.sign(username, password));
+        LocalDateTime expireTime = 
LocalDateTime.now().plusSeconds(properties.getJwtTimeOut());
+        String expireTimeStr = DateUtils.formatFullTime(expireTime);
+        JWTToken jwtToken = new JWTToken(token, expireTimeStr);
+        String userId = RandomStringUtils.randomAlphanumeric(20);
+        user.setId(userId);
+        return new RestResponse().data(this.generateUserInfo(jwtToken, user));
+    }
+}
\ No newline at end of file
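Review bot: `login` signs the JWT with `ShaHashUtils.encrypt(user.getSalt(), password)`, a hash of the password just submitted, instead of the stored `user.getPassword()`. On the `signin` path the two are equal because `authenticate` has compared them, but `ldapAuthenticate` returns an existing local row without that comparison, so the signing secret can differ from the stored hash once the directory password and the local one diverge. If token verification elsewhere keys on the stored password (not visible in this diff), those sessions would fail to validate; signing with `user.getPassword()` would keep both paths consistent. A short Javadoc on `login` stating that `user` must already be authenticated would also help, since the method itself performs no credential check.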
diff --git 
a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/security/Authenticator.java
 
b/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/security/Authenticator.java
index f52f3edf4..8c27138fe 100644
--- 
a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/security/Authenticator.java
+++ 
b/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/security/Authenticator.java
@@ -22,10 +22,13 @@ import org.apache.streampark.console.system.entity.User;
 public interface Authenticator {
     /**
      * Verifying legality via username and password
+     *
      * @param username username
      * @param password user password
      * @return result object
      */
     User authenticate(String username, String password) throws Exception;
 
-}
+    User ldapAuthenticate(String username, String password) throws Exception;
+
+}
\ No newline at end of file
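Review bot: `ldapAuthenticate` is added to the interface without Javadoc, while `authenticate` directly above it has one. The contract callers rely on should be written down, for example `/** Authenticates against the configured LDAP directory; returns the matching local user, or null when the directory login fails or the user is absent and auto-creation is disabled. */`. The same null-on-failure convention is worth stating on the `@return` line of `authenticate`, which currently says only `result object`.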
diff --git 
a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/security/SecurityConfig.java
 
b/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/security/SecurityConfig.java
deleted file mode 100644
index 5a6aae275..000000000
--- 
a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/security/SecurityConfig.java
+++ /dev/null
@@ -1,74 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *    http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.streampark.console.system.security;
-
-import 
org.apache.streampark.console.system.security.impl.ldap.LdapAuthenticator;
-import 
org.apache.streampark.console.system.security.impl.pwd.PasswordAuthenticator;
-
-import org.apache.commons.lang3.StringUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.beans.factory.annotation.Value;
-import org.springframework.beans.factory.config.AutowireCapableBeanFactory;
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
-
-@Configuration
-public class SecurityConfig {
-    private static final Logger LOG = 
LoggerFactory.getLogger(SecurityConfig.class);
-
-    @Value("${security.authentication.type:PASSWORD}")
-    private String type;
-
-    private final AutowireCapableBeanFactory beanFactory;
-    private AuthenticationType authenticationType;
-
-    @Autowired
-    public SecurityConfig(AutowireCapableBeanFactory beanFactory) {
-        this.beanFactory = beanFactory;
-    }
-
-    private void setAuthenticationType(String type) {
-        if (StringUtils.isBlank(type)) {
-            LOG.info("security.authentication.type configuration is empty, the 
default value 'PASSWORD'");
-            this.authenticationType = AuthenticationType.PASSWORD;
-            return;
-        }
-
-        this.authenticationType = AuthenticationType.valueOf(type);
-    }
-
-    @Bean(name = "authenticator")
-    public Authenticator authenticator() {
-        setAuthenticationType(type);
-        Authenticator authenticator;
-        switch (authenticationType) {
-            case PASSWORD:
-                authenticator = new PasswordAuthenticator();
-                break;
-            case LDAP:
-                authenticator = new LdapAuthenticator();
-                break;
-            default:
-                throw new IllegalStateException("Unexpected value: " + 
authenticationType);
-        }
-        beanFactory.autowireBean(authenticator);
-        return authenticator;
-    }
-}
diff --git 
a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/security/impl/ldap/LdapAuthenticator.java
 
b/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/security/impl/AuthenticatorImpl.java
similarity index 55%
rename from 
streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/security/impl/ldap/LdapAuthenticator.java
rename to 
streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/security/impl/AuthenticatorImpl.java
index 69e68d56b..86dd93d05 100644
--- 
a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/security/impl/ldap/LdapAuthenticator.java
+++ 
b/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/security/impl/AuthenticatorImpl.java
@@ -15,51 +15,60 @@
  * limitations under the License.
  */
 
-package org.apache.streampark.console.system.security.impl.ldap;
+package org.apache.streampark.console.system.security.impl;
 
 import org.apache.streampark.console.base.util.ShaHashUtils;
+import org.apache.streampark.console.core.enums.UserType;
 import org.apache.streampark.console.system.entity.User;
-import 
org.apache.streampark.console.system.security.impl.AbstractAuthenticator;
-import 
org.apache.streampark.console.system.security.impl.pwd.PasswordAuthenticator;
+import org.apache.streampark.console.system.security.Authenticator;
+import org.apache.streampark.console.system.security.impl.ldap.LdapService;
 import org.apache.streampark.console.system.service.UserService;
 
+import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
 
 import java.util.Date;
 
-public class LdapAuthenticator extends AbstractAuthenticator {
+@Component
+public class AuthenticatorImpl implements Authenticator {
     @Autowired
     private UserService usersService;
     @Autowired
     private LdapService ldapService;
 
-    @Autowired
-    private PasswordAuthenticator passwordAuthenticator;
-
     @Override
-    public User login(String userId, String password) throws Exception {
-        // admin login by username and password
-        if ("admin".equals(userId)) {
-            return passwordAuthenticator.login(userId, password);
+    public User authenticate(String username, String password) {
+        User user = usersService.findByName(username);
+        if (user == null) {
+            return null;
         }
-        String ldapUser = ldapService.ldapLogin(userId, password);
-        // ldapUser is null, login by default
-        if (ldapUser == null) {
-            return passwordAuthenticator.login(userId, password);
+        String salt = user.getSalt();
+        password = ShaHashUtils.encrypt(salt, password);
+        if (!StringUtils.equals(user.getPassword(), password)) {
+            return null;
+        }
+        return user;
+    }
+
+    @Override
+    public User ldapAuthenticate(String username, String password) throws 
Exception {
+        String ldapEmail = ldapService.ldapLogin(username, password);
+        if (ldapEmail == null) {
+            return null;
         }
         //check if user exist
-        User user = usersService.findByName(userId);
-        if (user != null) {
-            return passwordAuthenticator.login(userId, password);
+        User user = usersService.findByName(username);
+        if (user != null || !ldapService.createIfUserNotExists()) {
+            return user;
         }
-        // create ....
         User newUser = new User();
         newUser.setCreateTime(new Date());
-        newUser.setUsername(userId);
-        newUser.setNickName(userId);
+        newUser.setUsername(username);
+        newUser.setNickName(username);
+        newUser.setUserType(UserType.USER);
         newUser.setStatus("1");
         newUser.setSex("1");
-
         String salt = ShaHashUtils.getRandomSalt();
         String saltPass = ShaHashUtils.encrypt(salt, password);
         newUser.setSalt(salt);
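Review bot: In `ldapAuthenticate`, a successful directory login returns whatever local row `usersService.findByName(username)` finds, with no check that the row is an LDAP-backed account; the removed code kept `admin` on the local password path, and that separation is gone. A directory entry whose login name equals a local account's name would therefore be signed in as that account, so the lookup should be limited to accounts provisioned from LDAP, or reserved local names rejected before the directory call. The auto-create branch also computes `ShaHashUtils.encrypt(salt, password)` from the directory password, presumably to store it (the `setPassword` call is outside the hunk), and `authenticate` accepts any row whose hash matches, so the local `signin` endpoint would presumably keep accepting that password after it is changed or the account is disabled in the directory. `StringUtils.equals` on the two hashes is not a constant-time comparison; `MessageDigest.isEqual` on the bytes is the usual replacement. The method body continues past the end of this hunk.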
@@ -67,4 +76,4 @@ public class LdapAuthenticator extends AbstractAuthenticator {
         usersService.createUser(newUser);
         return newUser;
     }
-}
+}
\ No newline at end of file
diff --git 
a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/security/impl/ldap/LdapService.java
 
b/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/security/impl/ldap/LdapService.java
index 4c2d60511..14bd68928 100644
--- 
a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/security/impl/ldap/LdapService.java
+++ 
b/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/security/impl/ldap/LdapService.java
@@ -18,6 +18,9 @@
 package org.apache.streampark.console.system.security.impl.ldap;
 
 import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.lang3.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.stereotype.Component;
@@ -38,24 +41,30 @@ import java.util.Properties;
 @Configuration
 @Slf4j
 public class LdapService {
-    @Value("${ldap.urls:null}")
+
+    private static final Logger LOG = 
LoggerFactory.getLogger(LdapService.class);
+
+    @Value("${ldap.urls:#{null}}")
     private String ldapUrls;
 
-    @Value("${ldap.embedded.base-dn:null}")
+    @Value("${ldap.base-dn:#{null}}")
     private String ldapBaseDn;
 
-    @Value("${ldap.username:null}")
+    @Value("${ldap.username:#{null}}")
     private String ldapSecurityPrincipal;
 
-    @Value("${ldap.password:null}")
+    @Value("${ldap.password:#{null}}")
     private String ldapPrincipalPassword;
 
-    @Value("${ldap.user.identity.attribute:null}")
+    @Value("${ldap.user.identity-attribute:#{null}}")
     private String ldapUserIdentifyingAttribute;
 
-    @Value("${ldap.user.email.attribute:null}")
+    @Value("${ldap.user.email-attribute:#{null}}")
     private String ldapEmailAttribute;
 
+    @Value("${ldap.user.not-exist-action:CREATE}")
+    private String ldapUserNotExistAction;
+
     /**
      * login by userId and return user email
      *
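Review bot: `@Value("${ldap.user.not-exist-action:CREATE}")` makes account auto-creation the behaviour when the key is absent, and the same permissive default recurs in `getLdapUserNotExistAction()` (a blank value returns `CREATE`) and in `application.yml` (`not-exist-action: CREATE`). With that default, every directory entry that can authenticate receives a local `UserType.USER` account on first sign-in, which may be broader than the operator intends; defaulting to `DENY` and making `CREATE` an explicit opt-in would fail closed. Separately, the class is already annotated `@Slf4j`, so the added `LOG` field and its two imports duplicate the generated `log`.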
@@ -116,4 +125,17 @@ public class LdapService {
         env.put(Context.PROVIDER_URL, ldapUrls);
         return env;
     }
-}
+
+    public LdapUserNotExistActionType getLdapUserNotExistAction() {
+        if (StringUtils.isBlank(ldapUserNotExistAction)) {
+            LOG.info("security.authentication.ldap.user.not.exist.action 
configuration is empty, the default value 'CREATE'");
+            return LdapUserNotExistActionType.CREATE;
+        }
+
+        return LdapUserNotExistActionType.valueOf(ldapUserNotExistAction);
+    }
+
+    public boolean createIfUserNotExists() {
+        return getLdapUserNotExistAction() == 
LdapUserNotExistActionType.CREATE;
+    }
+}
\ No newline at end of file
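Review bot: The message logged in `getLdapUserNotExistAction()` names `security.authentication.ldap.user.not.exist.action`, but the field is bound to `ldap.user.not-exist-action`, so the log points operators at a key that does not exist. `LdapUserNotExistActionType.valueOf(ldapUserNotExistAction)` is also case- and whitespace-sensitive and throws `IllegalArgumentException` on a value such as `create`, and because it runs on every call the failure surfaces during a login instead of at startup. Suggested: `valueOf(ldapUserNotExistAction.trim().toUpperCase(Locale.ROOT))`, with the message corrected to `ldap.user.not-exist-action` and the value parsed once at initialisation.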
diff --git 
a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/security/impl/AbstractAuthenticator.java
 
b/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/security/impl/ldap/LdapUserNotExistActionType.java
similarity index 55%
rename from 
streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/security/impl/AbstractAuthenticator.java
rename to 
streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/security/impl/ldap/LdapUserNotExistActionType.java
index edb82e433..61246f298 100644
--- 
a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/security/impl/AbstractAuthenticator.java
+++ 
b/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/security/impl/ldap/LdapUserNotExistActionType.java
@@ -15,24 +15,22 @@
  * limitations under the License.
  */
 
-package org.apache.streampark.console.system.security.impl;
+package org.apache.streampark.console.system.security.impl.ldap;
 
-import org.apache.streampark.console.system.entity.User;
-import org.apache.streampark.console.system.security.Authenticator;
+import com.baomidou.mybatisplus.annotation.EnumValue;
 
-public abstract class AbstractAuthenticator implements Authenticator {
+public enum LdapUserNotExistActionType {
 
-    /**
-     * user login and return user in db
-     *
-     * @param userId user identity field
-     * @param password user login password
-     * @return user object in databse
-     */
-    public abstract User login(String userId, String password) throws 
Exception;
+    CREATE(0, "automatically create user when user not exist"),
+    DENY(1, "deny log-in when user not exist"),
+    ;
 
-    @Override
-    public User authenticate(String username, String password) throws 
Exception {
-        return login(username, password);
+    LdapUserNotExistActionType(int code, String desc) {
+        this.code = code;
+        this.desc = desc;
     }
-}
+
+    @EnumValue
+    private final int code;
+    private final String desc;
+}
\ No newline at end of file
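Review bot: `code` and `desc` are assigned in the constructor but nothing in this diff reads them and no accessors are declared, so as written they are dead state. `@EnumValue` is the MyBatis-Plus marker for the value persisted to the database, yet the enum is only parsed from configuration via `valueOf` in `LdapService`; unless it is stored somewhere not shown, the annotation and its import can go. Declaring the fields before the constructor and giving each constant a one-line Javadoc in place of the `desc` strings would match the usual Java layout.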
diff --git 
a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/security/impl/pwd/PasswordAuthenticator.java
 
b/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/security/impl/pwd/PasswordAuthenticator.java
deleted file mode 100644
index f762d9e1f..000000000
--- 
a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/security/impl/pwd/PasswordAuthenticator.java
+++ /dev/null
@@ -1,43 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *    http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.streampark.console.system.security.impl.pwd;
-
-import org.apache.streampark.console.base.util.ShaHashUtils;
-import org.apache.streampark.console.system.entity.User;
-import org.apache.streampark.console.system.security.Authenticator;
-import 
org.apache.streampark.console.system.security.impl.AbstractAuthenticator;
-import org.apache.streampark.console.system.service.UserService;
-
-import org.apache.commons.lang3.StringUtils;
-import org.springframework.beans.factory.annotation.Autowired;
-
-public class PasswordAuthenticator extends AbstractAuthenticator implements 
Authenticator {
-    @Autowired
-    private UserService usersService;
-
-    @Override
-    public User login(String userId, String password) {
-        User user = usersService.findByName(userId);
-        String salt = user.getSalt();
-        password = ShaHashUtils.encrypt(salt, password);
-        if (!StringUtils.equals(user.getPassword(), password)) {
-            return null;
-        }
-        return user;
-    }
-}
diff --git 
a/streampark-console/streampark-console-service/src/main/resources/application.yml
 
b/streampark-console/streampark-console-service/src/main/resources/application.yml
index 425e4b528..0b9751e63 100644
--- 
a/streampark-console/streampark-console-service/src/main/resources/application.yml
+++ 
b/streampark-console/streampark-console-service/src/main/resources/application.yml
@@ -132,21 +132,15 @@ streampark:
       /*.less,
       /
 
-## select the login mode: 1. PASSWORD 2.LDAP
-security:
-  authentication:
-    type: PASSWORD
-
 ldap:
   ## AD server IP, default port 389
   urls: ldap://99.99.99.99:389
   ## Login Account
+  base-dn: dc=streampark,dc=com
   username: cn=Manager,dc=streampark,dc=com
   password: streampark
-  embedded:
-    base-dn: dc=streampark,dc=com
   user:
-    identity:
-      attribute: cn
-    email:
-      attribute: mail
+    identity-attribute: uid
+    email-attribute: mail
+    # action when ldap user is not exist (supported types: CREATE,DENY)
+    not-exist-action: CREATE
