ldap

src/main/java/cn/quantgroup/cashloanflowboss/api/login/auth/LDAPAuthentication.java

+package cn.quantgroup.cashloanflowboss.api.login.auth;
+
+import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.lang3.exception.ExceptionUtils;
+
+import javax.naming.AuthenticationException;
+import javax.naming.Context;
+import javax.naming.NamingEnumeration;
+import javax.naming.NamingException;
+import javax.naming.directory.SearchControls;
+import javax.naming.directory.SearchResult;
+import javax.naming.ldap.Control;
+import javax.naming.ldap.InitialLdapContext;
+import javax.naming.ldap.LdapContext;
+import java.util.Hashtable;
+
+@Slf4j
+public class LDAPAuthentication {
+    private final String URL = "ldap://ldap.quantgroups.com:389/";
+    private final String BASEDN = "ou=北京量科邦信息技术有限公司,dc=quantgroup,dc=cn";
+    private final String FACTORY = "com.sun.jndi.ldap.LdapCtxFactory";
+    private LdapContext ctx = null;
+    private final Control[] connCtls = null;
+
+    private void ldapConnect() {
+        Hashtable<String, String> env = new Hashtable<String, String>();
+        env.put(Context.INITIAL_CONTEXT_FACTORY, FACTORY);
+        env.put(Context.PROVIDER_URL, URL + BASEDN);
+        env.put(Context.SECURITY_AUTHENTICATION, "simple");
+
+        String root = "cn=common_auth_query,cn=users,DC=quantgroup,DC=cn";// root
+        env.put(Context.SECURITY_PRINCIPAL, root);
+        env.put(Context.SECURITY_CREDENTIALS, "Quantgroup.com@2o17");
+        // 此处若不指定用户名和密码,则自动转换为匿名登录
+        try {
+            ctx = new InitialLdapContext(env, connCtls);
+        } catch (AuthenticationException e) {
+            log.error("验证失败：{}", ExceptionUtils.getStackTrace(e));
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+    }
+
+
+
+    private String getUserDN(String uid) {
+        String userDN = "";
+        ldapConnect();
+        try {
+            SearchControls constraints = new SearchControls();
+            constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
+            NamingEnumeration<SearchResult> en = ctx.search("", "uid=" + uid, constraints);
+            if (en == null || !en.hasMoreElements()) {
+                log.info("未找到该用户,uid={}", uid);
+            }
+            // maybe more than one element
+            while (en != null && en.hasMoreElements()) {
+                Object obj = en.nextElement();
+                if (obj instanceof SearchResult) {
+                    SearchResult si = (SearchResult) obj;
+                    userDN += si.getName();
+                    userDN += "," + BASEDN;
+                } else {
+                    System.out.println(obj);
+                }
+            }
+        } catch (Exception e) {
+            log.error("异常：{}", ExceptionUtils.getStackTrace(e));
+            e.printStackTrace();
+        }
+
+        return userDN;
+    }
+
+    public boolean authenricate(String uid, String password) {
+        boolean valide = false;
+        String userDN = getUserDN(uid);
+
+        try {
+            ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, userDN);
+            ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, password);
+            ctx.reconnect(connCtls);
+            log.info("验证通过,uid={}", uid);
+            valide = true;
+        } catch (AuthenticationException e) {
+            log.error("异常：{}", ExceptionUtils.getStackTrace(e));
+            System.out.println(e.toString());
+            valide = false;
+        } catch (NamingException e) {
+            log.error("异常：{}", ExceptionUtils.getStackTrace(e));
+            valide = false;
+        }
+
+        return valide;
+    }
+
+}
\ No newline at end of file

src/main/java/cn/quantgroup/cashloanflowboss/api/login/service/LoginServiceImpl.java

 package cn.quantgroup.cashloanflowboss.api.login.service;
 
 import cn.quantgroup.cashloanflowboss.api.login.auth.ApiAuthService;
+import cn.quantgroup.cashloanflowboss.api.login.auth.LDAPAuthentication;
 import cn.quantgroup.cashloanflowboss.api.login.auth.model.LoginUser;
 import cn.quantgroup.cashloanflowboss.api.login.model.Principal;
 import cn.quantgroup.cashloanflowboss.api.role.entity.Role;
@@ -77,12 +78,27 @@ public class LoginServiceImpl implements LoginService {
         User user = this.userService.getUser(username);
         if (user == null) {
             // 如果没有user 查询量星球
-            JsonResult<LoginUser> result = apiAuthService.autoLogin(username + "@quantgroup.cn", password, "KA_MA");
-            if (!result.isSuccess() || result.getData() == null) {
-                log.info("登陆失败，username={}, msg={}", username, result.getMessage());
-                return new Tuple<>(ApplicationStatus.INVALID_USER, "");
-            } else {
-                LoginUser data = result.getData();
+//            JsonResult<LoginUser> result = apiAuthService.autoLogin(username + "@quantgroup.cn", password, "KA_MA");
+//            if (!result.isSuccess() || result.getData() == null) {
+//                log.info("登陆失败，username={}, msg={}", username, result.getMessage());
+//                return new Tuple<>(ApplicationStatus.INVALID_USER, "");
+//            } else {
+//                LoginUser data = result.getData();
+//                Role role = roleRepository.getByName("量化派操作员");
+//                user = new User();
+//                user.setId(-1L);
+//                user.setUsername(username);
+//                user.setNickname(data.getName());
+//                user.setPassword(MD5Tools.md5(password));
+//                user.setRank(UserRank.OPERATOR);
+//                user.setRole(role);
+//                user.setStatus(UserStatus.ENABLED);
+//            }
+
+            LDAPAuthentication ldapAuthentication = new LDAPAuthentication();
+            boolean b = ldapAuthentication.authenricate(username + "@quantgroup.cn", password);
+            if (b) {
+                LoginUser data = new LoginUser();
                 Role role = roleRepository.getByName("量化派操作员");
                 user = new User();
                 user.setId(-1L);
@@ -92,7 +108,11 @@ public class LoginServiceImpl implements LoginService {
                 user.setRank(UserRank.OPERATOR);
                 user.setRole(role);
                 user.setStatus(UserStatus.ENABLED);
+            } else {
+                log.info("登陆失败，username={}, msg={}", username, "ldap失败");
+                return new Tuple<>(ApplicationStatus.REENTRY_LOCK_EXCEPTION, "");
             }
+
         }
         // 检查用户是否被禁用
         if (UserStatus.DISABLED.equals(user.getStatus())) {

src/main/resources/logback-dev.xml

@@ -15,7 +15,7 @@
     <logger name="ch.qos.logback" level="warn"/>
 
 
-    <root level="INFO">
+    <root level="DEBUG">
         <appender-ref ref="CONSOLE" />
     </root>
 

src/test/java/cn/quantgroup/cashloanflowboss/ldap/LDAPAuthentication.java

+package cn.quantgroup.cashloanflowboss.ldap;
+
+import java.util.Hashtable;
+
+import javax.naming.AuthenticationException;
+import javax.naming.Context;
+import javax.naming.NamingEnumeration;
+import javax.naming.NamingException;
+import javax.naming.directory.SearchControls;
+import javax.naming.directory.SearchResult;
+import javax.naming.ldap.Control;
+import javax.naming.ldap.InitialLdapContext;
+import javax.naming.ldap.LdapContext;
+
+public class LDAPAuthentication {
+    private final String URL = "ldap://ldap.quantgroups.com:389/";
+    private final String BASEDN = "ou=北京量科邦信息技术有限公司,dc=quantgroup,dc=cn";
+    private final String FACTORY = "com.sun.jndi.ldap.LdapCtxFactory";
+    private LdapContext ctx = null;
+    private final Control[] connCtls = null;
+
+    private void LDAP_connect() {
+        Hashtable<String, String> env = new Hashtable<String, String>();
+        env.put(Context.INITIAL_CONTEXT_FACTORY, FACTORY);
+        env.put(Context.PROVIDER_URL, URL + BASEDN);
+        env.put(Context.SECURITY_AUTHENTICATION, "simple");
+
+        String root = "cn=common_auth_query,cn=users,DC=quantgroup,DC=cn";// root
+        env.put(Context.SECURITY_PRINCIPAL, root);
+        env.put(Context.SECURITY_CREDENTIALS, "Quantgroup.com@2o17");
+        // 此处若不指定用户名和密码,则自动转换为匿名登录
+        try {
+            ctx = new InitialLdapContext(env, connCtls);
+        } catch (javax.naming.AuthenticationException e) {
+            System.out.println("验证失败：" + e.toString());
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+    }
+
+
+
+    private String getUserDN(String uid) {
+        String userDN = "";
+        LDAP_connect();
+        try {
+            SearchControls constraints = new SearchControls();
+            constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
+            NamingEnumeration<SearchResult> en = ctx.search("", "uid=" + uid, constraints);
+            if (en == null || !en.hasMoreElements()) {
+                System.out.println("未找到该用户");
+            }
+            // maybe more than one element
+            while (en != null && en.hasMoreElements()) {
+                Object obj = en.nextElement();
+                if (obj instanceof SearchResult) {
+                    SearchResult si = (SearchResult) obj;
+                    userDN += si.getName();
+                    userDN += "," + BASEDN;
+                } else {
+                    System.out.println(obj);
+                }
+            }
+        } catch (Exception e) {
+            System.out.println("查找用户时产生异常。");
+            e.printStackTrace();
+        }
+
+        return userDN;
+    }
+
+    public boolean authenricate(String UID, String password) {
+        boolean valide = false;
+        String userDN = getUserDN(UID);
+
+        try {
+            ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, userDN);
+            ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, password);
+            ctx.reconnect(connCtls);
+            System.out.println(userDN + " 验证通过");
+            valide = true;
+        } catch (AuthenticationException e) {
+            System.out.println(userDN + " 验证失败");
+            System.out.println(e.toString());
+            valide = false;
+        } catch (NamingException e) {
+            System.out.println(userDN + " 验证失败");
+            valide = false;
+        }
+
+        return valide;
+    }
+
+
+    public static void main(String[] args) {
+    }
+}
\ No newline at end of file

src/test/java/cn/quantgroup/cashloanflowboss/ldap/LDAPAuthenticationStatic.java

+package cn.quantgroup.cashloanflowboss.ldap;
+
+import javax.naming.AuthenticationException;
+import javax.naming.Context;
+import javax.naming.NamingEnumeration;
+import javax.naming.NamingException;
+import javax.naming.directory.SearchControls;
+import javax.naming.directory.SearchResult;
+import javax.naming.ldap.Control;
+import javax.naming.ldap.InitialLdapContext;
+import javax.naming.ldap.LdapContext;
+import java.util.Hashtable;
+
+public class LDAPAuthenticationStatic {
+    private static final String URL = "ldap://ldap.quantgroups.com:389/";
+    private static final String BASEDN = "ou=北京量科邦信息技术有限公司,dc=quantgroup,dc=cn";
+    private static final String FACTORY = "com.sun.jndi.ldap.LdapCtxFactory";
+    private static LdapContext ctx = null;
+    private static final Control[] connCtls = null;
+
+    private static void LDAP_connect() {
+        Hashtable<String, String> env = new Hashtable<String, String>();
+        env.put(Context.INITIAL_CONTEXT_FACTORY, FACTORY);
+        env.put(Context.PROVIDER_URL, URL + BASEDN);
+        env.put(Context.SECURITY_AUTHENTICATION, "simple");
+
+        String root = "cn=common_auth_query,cn=users,DC=quantgroup,DC=cn";// root
+        env.put(Context.SECURITY_PRINCIPAL, root);
+        env.put(Context.SECURITY_CREDENTIALS, "Quantgroup.com@2o17");
+        // 此处若不指定用户名和密码,则自动转换为匿名登录
+        try {
+            ctx = new InitialLdapContext(env, connCtls);
+        } catch (AuthenticationException e) {
+            System.out.println("验证失败：" + e.toString());
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+    }
+
+
+
+    private static String getUserDN(String uid) {
+        String userDN = "";
+        LDAP_connect();
+        try {
+            SearchControls constraints = new SearchControls();
+            constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
+            NamingEnumeration<SearchResult> en = ctx.search("", "uid=" + uid, constraints);
+            if (en == null || !en.hasMoreElements()) {
+                System.out.println("未找到该用户");
+            }
+            // maybe more than one element
+            while (en != null && en.hasMoreElements()) {
+                Object obj = en.nextElement();
+                if (obj instanceof SearchResult) {
+                    SearchResult si = (SearchResult) obj;
+                    userDN += si.getName();
+                    userDN += "," + BASEDN;
+                } else {
+                    System.out.println(obj);
+                }
+            }
+        } catch (Exception e) {
+            System.out.println("查找用户时产生异常。");
+            e.printStackTrace();
+        }
+
+        return userDN;
+    }
+
+    public static boolean authenricate(String UID, String password) {
+        boolean valide = false;
+        String userDN = getUserDN(UID);
+
+        try {
+            ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, userDN);
+            ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, password);
+            ctx.reconnect(connCtls);
+            System.out.println(userDN + " 验证通过");
+            valide = true;
+        } catch (AuthenticationException e) {
+            System.out.println(userDN + " 验证失败");
+            System.out.println(e.toString());
+            valide = false;
+        } catch (NamingException e) {
+            System.out.println(userDN + " 验证失败");
+            valide = false;
+        }
+
+        return valide;
+    }
+
+
+    public static void main(String[] args) {
+        authenricate("tao.sun@quantgroup.cn", "qq,.,.,.810116");
+    }
+}
\ No newline at end of file