This is an automated email from the ASF dual-hosted git repository.
benjobs pushed a commit to branch dev
in repository https://gitbox.apache.org/repos/asf/incubator-streampark.git
The following commit(s) were added to refs/heads/dev by this push:
new 05fb93ce2 [Improve]Splitting ldap logic (#1836)
05fb93ce2 is described below
commit 05fb93ce2c57408fcb32c4dc46065f60d6a7858a
Author: monster <[email protected]>
AuthorDate: Tue Oct 18 11:13:01 2022 +0800
[Improve]Splitting ldap logic (#1836)
* [Improve]Splitting ldap logic
---
.../system/controller/PassportController.java | 64 +++++++++++--------
.../console/system/security/Authenticator.java | 5 +-
.../console/system/security/SecurityConfig.java | 74 ----------------------
...apAuthenticator.java => AuthenticatorImpl.java} | 55 +++++++++-------
.../system/security/impl/ldap/LdapService.java | 36 +++++++++--
.../LdapUserNotExistActionType.java} | 30 ++++-----
.../security/impl/pwd/PasswordAuthenticator.java | 43 -------------
.../src/main/resources/application.yml | 16 ++---
8 files changed, 121 insertions(+), 202 deletions(-)
diff --git
a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/controller/PassportController.java
b/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/controller/PassportController.java
index adca4c6df..feb86e09d 100644
---
a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/controller/PassportController.java
+++
b/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/controller/PassportController.java
@@ -67,39 +67,22 @@ public class PassportController {
public RestResponse signin(
@NotBlank(message = "{required}") String username,
@NotBlank(message = "{required}") String password) throws Exception {
-
if (StringUtils.isEmpty(username)) {
return RestResponse.success().put("code", 0);
}
-
User user = authenticator.authenticate(username, password);
+ return login(username, password, user);
+ }
- if (user == null) {
+ @PostMapping("ldapSignin")
+ public RestResponse ldapSignin(
+ @NotBlank(message = "{required}") String username,
+ @NotBlank(message = "{required}") String password) throws Exception {
+ if (StringUtils.isEmpty(username)) {
return RestResponse.success().put("code", 0);
}
-
- if (User.STATUS_LOCK.equals(user.getStatus())) {
- return RestResponse.success().put("code", 1);
- }
-
- userService.fillInTeam(user);
-
- //no team.
- if (user.getTeamId() == null) {
- return RestResponse.success().data(user.getUserId()).put("code",
ResponseCode.CODE_FORBIDDEN);
- }
-
- password = ShaHashUtils.encrypt(user.getSalt(), password);
-
- this.userService.updateLoginTime(username);
- String token = WebUtils.encryptToken(JWTUtil.sign(username, password));
- LocalDateTime expireTime =
LocalDateTime.now().plusSeconds(properties.getJwtTimeOut());
- String expireTimeStr = DateUtils.formatFullTime(expireTime);
- JWTToken jwtToken = new JWTToken(token, expireTimeStr);
- String userId = RandomStringUtils.randomAlphanumeric(20);
- user.setId(userId);
- Map<String, Object> userInfo = this.generateUserInfo(jwtToken, user);
- return new RestResponse().data(userInfo);
+ User user = authenticator.ldapAuthenticate(username, password);
+ return login(username, password, user);
}
@PostMapping("signout")
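Review bot: With `SecurityConfig` and its `security.authentication.type` switch removed, the password-based `signin` and the new `ldapSignin` endpoint are both always exposed, so an LDAP deployment can no longer turn local password login off and both paths remain open for every account. If that is the intended model it should be stated on the endpoints; otherwise `signin` should be gated by the configured mode as it was before. `ldapSignin` is also a new public endpoint without Javadoc; a comment such as `/** Authenticates against LDAP and on success issues the same JWT session as signin; the account is provisioned locally on first login when ldap.user.not-exist-action is CREATE. */` would tell the caller what it gets back.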
@@ -131,4 +114,31 @@ public class PassportController {
return userInfo;
}
-}
+ private RestResponse login(String username, String password, User user)
throws Exception {
+ if (user == null) {
+ return RestResponse.success().put("code", 0);
+ }
+
+ if (User.STATUS_LOCK.equals(user.getStatus())) {
+ return RestResponse.success().put("code", 1);
+ }
+
+ userService.fillInTeam(user);
+
+ //no team.
+ if (user.getTeamId() == null) {
+ return RestResponse.success().data(user.getUserId()).put("code",
ResponseCode.CODE_FORBIDDEN);
+ }
+
+ password = ShaHashUtils.encrypt(user.getSalt(), password);
+
+ this.userService.updateLoginTime(username);
+ String token = WebUtils.encryptToken(JWTUtil.sign(username, password));
+ LocalDateTime expireTime =
LocalDateTime.now().plusSeconds(properties.getJwtTimeOut());
+ String expireTimeStr = DateUtils.formatFullTime(expireTime);
+ JWTToken jwtToken = new JWTToken(token, expireTimeStr);
+ String userId = RandomStringUtils.randomAlphanumeric(20);
+ user.setId(userId);
+ return new RestResponse().data(this.generateUserInfo(jwtToken, user));
+ }
+}
\ No newline at end of file
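Review bot: `login` now carries the whole post-authentication flow (lock check, team check, token issue) but has no Javadoc, and the `code` values 0 and 1 put on the response are unexplained magic numbers a client has to reverse-engineer, with 0 meaning the same thing as the empty-username case in the callers. Add a Javadoc on the helper describing the outcomes (code 0 for an unknown user, code 1 for a locked account, `ResponseCode.CODE_FORBIDDEN` when the user has no team, otherwise the token payload) and consider named constants for 0 and 1 next to `CODE_FORBIDDEN`. The `password` parameter is also overwritten with its salted hash halfway through; a separate local such as `String hashed = ShaHashUtils.encrypt(user.getSalt(), password);` would make it explicit that the hash, not the cleartext, is what feeds `JWTUtil.sign`.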
diff --git
a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/security/Authenticator.java
b/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/security/Authenticator.java
index f52f3edf4..8c27138fe 100644
---
a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/security/Authenticator.java
+++
b/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/security/Authenticator.java
@@ -22,10 +22,13 @@ import org.apache.streampark.console.system.entity.User;
public interface Authenticator {
/**
* Verifying legality via username and password
+ *
* @param username username
* @param password user password
* @return result object
*/
User authenticate(String username, String password) throws Exception;
-}
+ User ldapAuthenticate(String username, String password) throws Exception;
+
+}
\ No newline at end of file
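Review bot: `ldapAuthenticate` is added to the interface without the Javadoc its sibling `authenticate` has, so a caller cannot tell from the contract whether a null return means a failed LDAP bind, an unknown user, or the DENY policy. Suggested: `/** Verifies the credentials against LDAP; returns the local user (created on first login when the not-exist action is CREATE), or null when the bind fails or the user is unknown and the action is DENY. */`. Separately, `authenticate` keeps `throws Exception` although the new `AuthenticatorImpl.authenticate` declares no checked exception, so callers are forced to handle `Exception` for a plain lookup; narrowing or dropping it here would be the place to fix that.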
diff --git
a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/security/SecurityConfig.java
b/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/security/SecurityConfig.java
deleted file mode 100644
index 5a6aae275..000000000
---
a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/security/SecurityConfig.java
+++ /dev/null
@@ -1,74 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.streampark.console.system.security;
-
-import
org.apache.streampark.console.system.security.impl.ldap.LdapAuthenticator;
-import
org.apache.streampark.console.system.security.impl.pwd.PasswordAuthenticator;
-
-import org.apache.commons.lang3.StringUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.beans.factory.annotation.Value;
-import org.springframework.beans.factory.config.AutowireCapableBeanFactory;
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
-
-@Configuration
-public class SecurityConfig {
- private static final Logger LOG =
LoggerFactory.getLogger(SecurityConfig.class);
-
- @Value("${security.authentication.type:PASSWORD}")
- private String type;
-
- private final AutowireCapableBeanFactory beanFactory;
- private AuthenticationType authenticationType;
-
- @Autowired
- public SecurityConfig(AutowireCapableBeanFactory beanFactory) {
- this.beanFactory = beanFactory;
- }
-
- private void setAuthenticationType(String type) {
- if (StringUtils.isBlank(type)) {
- LOG.info("security.authentication.type configuration is empty, the
default value 'PASSWORD'");
- this.authenticationType = AuthenticationType.PASSWORD;
- return;
- }
-
- this.authenticationType = AuthenticationType.valueOf(type);
- }
-
- @Bean(name = "authenticator")
- public Authenticator authenticator() {
- setAuthenticationType(type);
- Authenticator authenticator;
- switch (authenticationType) {
- case PASSWORD:
- authenticator = new PasswordAuthenticator();
- break;
- case LDAP:
- authenticator = new LdapAuthenticator();
- break;
- default:
- throw new IllegalStateException("Unexpected value: " +
authenticationType);
- }
- beanFactory.autowireBean(authenticator);
- return authenticator;
- }
-}
diff --git
a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/security/impl/ldap/LdapAuthenticator.java
b/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/security/impl/AuthenticatorImpl.java
similarity index 55%
rename from
streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/security/impl/ldap/LdapAuthenticator.java
rename to
streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/security/impl/AuthenticatorImpl.java
index 69e68d56b..86dd93d05 100644
---
a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/security/impl/ldap/LdapAuthenticator.java
+++
b/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/security/impl/AuthenticatorImpl.java
@@ -15,51 +15,60 @@
* limitations under the License.
*/
-package org.apache.streampark.console.system.security.impl.ldap;
+package org.apache.streampark.console.system.security.impl;
import org.apache.streampark.console.base.util.ShaHashUtils;
+import org.apache.streampark.console.core.enums.UserType;
import org.apache.streampark.console.system.entity.User;
-import
org.apache.streampark.console.system.security.impl.AbstractAuthenticator;
-import
org.apache.streampark.console.system.security.impl.pwd.PasswordAuthenticator;
+import org.apache.streampark.console.system.security.Authenticator;
+import org.apache.streampark.console.system.security.impl.ldap.LdapService;
import org.apache.streampark.console.system.service.UserService;
+import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
import java.util.Date;
-public class LdapAuthenticator extends AbstractAuthenticator {
+@Component
+public class AuthenticatorImpl implements Authenticator {
@Autowired
private UserService usersService;
@Autowired
private LdapService ldapService;
- @Autowired
- private PasswordAuthenticator passwordAuthenticator;
-
@Override
- public User login(String userId, String password) throws Exception {
- // admin login by username and password
- if ("admin".equals(userId)) {
- return passwordAuthenticator.login(userId, password);
+ public User authenticate(String username, String password) {
+ User user = usersService.findByName(username);
+ if (user == null) {
+ return null;
}
- String ldapUser = ldapService.ldapLogin(userId, password);
- // ldapUser is null, login by default
- if (ldapUser == null) {
- return passwordAuthenticator.login(userId, password);
+ String salt = user.getSalt();
+ password = ShaHashUtils.encrypt(salt, password);
+ if (!StringUtils.equals(user.getPassword(), password)) {
+ return null;
+ }
+ return user;
+ }
+
+ @Override
+ public User ldapAuthenticate(String username, String password) throws
Exception {
+ String ldapEmail = ldapService.ldapLogin(username, password);
+ if (ldapEmail == null) {
+ return null;
}
//check if user exist
- User user = usersService.findByName(userId);
- if (user != null) {
- return passwordAuthenticator.login(userId, password);
+ User user = usersService.findByName(username);
+ if (user != null || !ldapService.createIfUserNotExists()) {
+ return user;
}
- // create ....
User newUser = new User();
newUser.setCreateTime(new Date());
- newUser.setUsername(userId);
- newUser.setNickName(userId);
+ newUser.setUsername(username);
+ newUser.setNickName(username);
+ newUser.setUserType(UserType.USER);
newUser.setStatus("1");
newUser.setSex("1");
-
String salt = ShaHashUtils.getRandomSalt();
String saltPass = ShaHashUtils.encrypt(salt, password);
newUser.setSalt(salt);
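Review bot: In `ldapAuthenticate` the password that just bound to LDAP is stored as the new local user's salted hash (`saltPass` from `ShaHashUtils.encrypt(salt, password)`), which leaves a copy of the LDAP credential in the console database; because `signin` verifies against that same hash, the account stays usable through the password endpoint with that snapshot even after the password is changed or the account is disabled in LDAP. Unless local fallback is intended, seed the local password with a value nobody knows, e.g. `String saltPass = ShaHashUtils.encrypt(salt, ShaHashUtils.getRandomSalt());` (assuming `getRandomSalt` is cryptographically random), or mark LDAP-provisioned users so `authenticate` refuses them. `authenticate` also compares the stored and computed hashes with `StringUtils.equals`, which stops at the first differing character; `MessageDigest.isEqual(user.getPassword().getBytes(StandardCharsets.UTF_8), password.getBytes(StandardCharsets.UTF_8))` gives a constant-time comparison. `ldapAuthenticate` continues past the end of this hunk.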
@@ -67,4 +76,4 @@ public class LdapAuthenticator extends AbstractAuthenticator {
usersService.createUser(newUser);
return newUser;
}
-}
+}
\ No newline at end of file
diff --git
a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/security/impl/ldap/LdapService.java
b/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/security/impl/ldap/LdapService.java
index 4c2d60511..14bd68928 100644
---
a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/security/impl/ldap/LdapService.java
+++
b/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/security/impl/ldap/LdapService.java
@@ -18,6 +18,9 @@
package org.apache.streampark.console.system.security.impl.ldap;
import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.lang3.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import org.springframework.stereotype.Component;
@@ -38,24 +41,30 @@ import java.util.Properties;
@Configuration
@Slf4j
public class LdapService {
- @Value("${ldap.urls:null}")
+
+ private static final Logger LOG =
LoggerFactory.getLogger(LdapService.class);
+
+ @Value("${ldap.urls:#{null}}")
private String ldapUrls;
- @Value("${ldap.embedded.base-dn:null}")
+ @Value("${ldap.base-dn:#{null}}")
private String ldapBaseDn;
- @Value("${ldap.username:null}")
+ @Value("${ldap.username:#{null}}")
private String ldapSecurityPrincipal;
- @Value("${ldap.password:null}")
+ @Value("${ldap.password:#{null}}")
private String ldapPrincipalPassword;
- @Value("${ldap.user.identity.attribute:null}")
+ @Value("${ldap.user.identity-attribute:#{null}}")
private String ldapUserIdentifyingAttribute;
- @Value("${ldap.user.email.attribute:null}")
+ @Value("${ldap.user.email-attribute:#{null}}")
private String ldapEmailAttribute;
+ @Value("${ldap.user.not-exist-action:CREATE}")
+ private String ldapUserNotExistAction;
+
/**
* login by userId and return user email
*
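Review bot: The class is annotated `@Slf4j`, which already generates a `log` field, and now also declares its own `LOG` through `LoggerFactory.getLogger(LdapService.class)`, so one class carries two loggers; drop the explicit field and its two slf4j imports, or drop the annotation. The property keys also change (`ldap.embedded.base-dn` to `ldap.base-dn`, `ldap.user.identity.attribute` to `ldap.user.identity-attribute`, `ldap.user.email.attribute` to `ldap.user.email-attribute`) and every default is now `#{null}`, so a deployment still using the old keys will start with a null base DN and null attribute names and only fail at the first LDAP login rather than at startup. An upgrade note in the commit message, or a startup check that these are non-blank whenever `ldap.urls` is set, would catch that.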
@@ -116,4 +125,17 @@ public class LdapService {
env.put(Context.PROVIDER_URL, ldapUrls);
return env;
}
-}
+
+ public LdapUserNotExistActionType getLdapUserNotExistAction() {
+ if (StringUtils.isBlank(ldapUserNotExistAction)) {
+ LOG.info("security.authentication.ldap.user.not.exist.action
configuration is empty, the default value 'CREATE'");
+ return LdapUserNotExistActionType.CREATE;
+ }
+
+ return LdapUserNotExistActionType.valueOf(ldapUserNotExistAction);
+ }
+
+ public boolean createIfUserNotExists() {
+ return getLdapUserNotExistAction() ==
LdapUserNotExistActionType.CREATE;
+ }
+}
\ No newline at end of file
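Review bot: The log line in `getLdapUserNotExistAction` names `security.authentication.ldap.user.not.exist.action`, but the property actually read is `ldap.user.not-exist-action` (the `@Value` on `ldapUserNotExistAction`), so the message sends operators to a key that does not exist; change it to `LOG.info("ldap.user.not-exist-action configuration is empty, the default value 'CREATE'");`. `LdapUserNotExistActionType.valueOf` is case-sensitive and is re-evaluated on every LDAP login via `createIfUserNotExists`, so a value such as `create` or a typo surfaces as an `IllegalArgumentException` inside each sign-in instead of at startup. Resolving the enum once when the bean is initialised, and normalising with `toUpperCase(Locale.ROOT)` if lower-case values are meant to be accepted, would fail fast and keep the per-login path free of config parsing.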
diff --git
a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/security/impl/AbstractAuthenticator.java
b/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/security/impl/ldap/LdapUserNotExistActionType.java
similarity index 55%
rename from
streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/security/impl/AbstractAuthenticator.java
rename to
streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/security/impl/ldap/LdapUserNotExistActionType.java
index edb82e433..61246f298 100644
---
a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/security/impl/AbstractAuthenticator.java
+++
b/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/security/impl/ldap/LdapUserNotExistActionType.java
@@ -15,24 +15,22 @@
* limitations under the License.
*/
-package org.apache.streampark.console.system.security.impl;
+package org.apache.streampark.console.system.security.impl.ldap;
-import org.apache.streampark.console.system.entity.User;
-import org.apache.streampark.console.system.security.Authenticator;
+import com.baomidou.mybatisplus.annotation.EnumValue;
-public abstract class AbstractAuthenticator implements Authenticator {
+public enum LdapUserNotExistActionType {
- /**
- * user login and return user in db
- *
- * @param userId user identity field
- * @param password user login password
- * @return user object in databse
- */
- public abstract User login(String userId, String password) throws
Exception;
+ CREATE(0, "automatically create user when user not exist"),
+ DENY(1, "deny log-in when user not exist"),
+ ;
- @Override
- public User authenticate(String username, String password) throws
Exception {
- return login(username, password);
+ LdapUserNotExistActionType(int code, String desc) {
+ this.code = code;
+ this.desc = desc;
}
-}
+
+ @EnumValue
+ private final int code;
+ private final String desc;
+}
\ No newline at end of file
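Review bot: `code` and `desc` on `LdapUserNotExistActionType` are assigned but nothing visible reads them (no accessors), and `@EnumValue` is a MyBatis-Plus persistence marker although this enum is resolved from configuration with `valueOf` rather than stored in a table; unless they are used elsewhere, drop the fields and the `com.baomidou.mybatisplus` import, or add accessors and say in a Javadoc where the code is persisted. A Javadoc on the enum itself, e.g. `/** What ldapAuthenticate does when an LDAP-authenticated user has no local account: CREATE provisions one, DENY rejects the login. Configured via ldap.user.not-exist-action. */`, would also tie the constants to the property that selects them.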
diff --git
a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/security/impl/pwd/PasswordAuthenticator.java
b/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/security/impl/pwd/PasswordAuthenticator.java
deleted file mode 100644
index f762d9e1f..000000000
---
a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/security/impl/pwd/PasswordAuthenticator.java
+++ /dev/null
@@ -1,43 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.streampark.console.system.security.impl.pwd;
-
-import org.apache.streampark.console.base.util.ShaHashUtils;
-import org.apache.streampark.console.system.entity.User;
-import org.apache.streampark.console.system.security.Authenticator;
-import
org.apache.streampark.console.system.security.impl.AbstractAuthenticator;
-import org.apache.streampark.console.system.service.UserService;
-
-import org.apache.commons.lang3.StringUtils;
-import org.springframework.beans.factory.annotation.Autowired;
-
-public class PasswordAuthenticator extends AbstractAuthenticator implements
Authenticator {
- @Autowired
- private UserService usersService;
-
- @Override
- public User login(String userId, String password) {
- User user = usersService.findByName(userId);
- String salt = user.getSalt();
- password = ShaHashUtils.encrypt(salt, password);
- if (!StringUtils.equals(user.getPassword(), password)) {
- return null;
- }
- return user;
- }
-}
diff --git
a/streampark-console/streampark-console-service/src/main/resources/application.yml
b/streampark-console/streampark-console-service/src/main/resources/application.yml
index 425e4b528..0b9751e63 100644
---
a/streampark-console/streampark-console-service/src/main/resources/application.yml
+++
b/streampark-console/streampark-console-service/src/main/resources/application.yml
@@ -132,21 +132,15 @@ streampark:
/*.less,
/
-## select the login mode: 1. PASSWORD 2.LDAP
-security:
- authentication:
- type: PASSWORD
-
ldap:
## AD server IP, default port 389
urls: ldap://99.99.99.99:389
## Login Account
+ base-dn: dc=streampark,dc=com
username: cn=Manager,dc=streampark,dc=com
password: streampark
- embedded:
- base-dn: dc=streampark,dc=com
user:
- identity:
- attribute: cn
- email:
- attribute: mail
+ identity-attribute: uid
+ email-attribute: mail
+ # action when ldap user is not exist (supported types: CREATE,DENY)
+ not-exist-action: CREATE