fix ldap userId with case problem (#2326)

fix ldap userId with case problem

apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/spi/configuration/AuthConfiguration.java

@@ -15,6 +15,7 @@ import com.ctrip.framework.apollo.portal.spi.defaultimpl.DefaultLogoutHandler;
 import com.ctrip.framework.apollo.portal.spi.defaultimpl.DefaultSsoHeartbeatHandler;
 import com.ctrip.framework.apollo.portal.spi.defaultimpl.DefaultUserInfoHolder;
 import com.ctrip.framework.apollo.portal.spi.defaultimpl.DefaultUserService;
+import com.ctrip.framework.apollo.portal.spi.ldap.ApolloLdapAuthenticationProvider;
 import com.ctrip.framework.apollo.portal.spi.ldap.FilterLdapByGroupUserSearch;
 import com.ctrip.framework.apollo.portal.spi.ldap.LdapUserService;
 import com.ctrip.framework.apollo.portal.spi.springsecurity.SpringSecurityUserInfoHolder;
@@ -392,9 +393,10 @@ public class AuthConfiguration {
           ldapContextSource, null);
       defaultAuthAutoConfiguration.setIgnorePartialResultException(true);
       defaultAuthAutoConfiguration.setSearchSubtree(true);
-      LdapAuthenticationProvider ldapAuthenticationProvider = new LdapAuthenticationProvider(
-          bindAuthenticator, defaultAuthAutoConfiguration);
-      return ldapAuthenticationProvider;
+      // Rewrite the logic of LdapAuthenticationProvider with ApolloLdapAuthenticationProvider,
+      // use userId in LDAP system instead of userId input by user.
+      return new ApolloLdapAuthenticationProvider(
+          bindAuthenticator, defaultAuthAutoConfiguration, ldapExtendProperties);
     }
 
     @Override

apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/spi/configuration/LdapExtendProperties.java

@@ -33,111 +33,3 @@ public class LdapExtendProperties {
     this.group = group;
   }
 }
-class LdapMappingProperties{
-
-  /**
-   * user ldap objectClass
-   */
-  private String objectClass;
-
-  /**
-   * user login Id
-   */
-  private String loginId;
-
-  /**
-   * user rdn key
-   */
-  private String rdnKey;
-
-  /**
-   * user display name
-   */
-  private String userDisplayName;
-
-  /**
-   * email
-   */
-  private String email;
-
-  public String getObjectClass() {
-    return objectClass;
-  }
-
-  public void setObjectClass(String objectClass) {
-    this.objectClass = objectClass;
-  }
-
-  public String getLoginId() {
-    return loginId;
-  }
-
-  public void setLoginId(String loginId) {
-    this.loginId = loginId;
-  }
-
-  public String getRdnKey() {
-    return rdnKey;
-  }
-
-  public void setRdnKey(String rdnKey) {
-    this.rdnKey = rdnKey;
-  }
-
-  public String getUserDisplayName() {
-    return userDisplayName;
-  }
-
-  public void setUserDisplayName(String userDisplayName) {
-    this.userDisplayName = userDisplayName;
-  }
-
-  public String getEmail() {
-    return email;
-  }
-
-  public void setEmail(String email) {
-    this.email = email;
-  }
-}
-class LdapGroupProperties{
-
-  /**
-   * group search base
-   */
-  private String groupBase;
-
-  /**
-   * group search filter
-   */
-  private String groupSearch;
-
-  /**
-   * group membership prop
-   */
-  private String groupMembership;
-
-  public String getGroupBase() {
-    return groupBase;
-  }
-
-  public void setGroupBase(String groupBase) {
-    this.groupBase = groupBase;
-  }
-
-  public String getGroupSearch() {
-    return groupSearch;
-  }
-
-  public void setGroupSearch(String groupSearch) {
-    this.groupSearch = groupSearch;
-  }
-
-  public String getGroupMembership() {
-    return groupMembership;
-  }
-
-  public void setGroupMembership(String groupMembership) {
-    this.groupMembership = groupMembership;
-  }
-}

apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/spi/configuration/LdapGroupProperties.java

+
+
+package com.ctrip.framework.apollo.portal.spi.configuration;
+
+/**
+ * the LdapGroupProperties description.
+ *
+ * @author wuzishu
+ */
+public class LdapGroupProperties {
+
+  /**
+   * group search base
+   */
+  private String groupBase;
+
+  /**
+   * group search filter
+   */
+  private String groupSearch;
+
+  /**
+   * group membership prop
+   */
+  private String groupMembership;
+
+  public String getGroupBase() {
+    return groupBase;
+  }
+
+  public void setGroupBase(String groupBase) {
+    this.groupBase = groupBase;
+  }
+
+  public String getGroupSearch() {
+    return groupSearch;
+  }
+
+  public void setGroupSearch(String groupSearch) {
+    this.groupSearch = groupSearch;
+  }
+
+  public String getGroupMembership() {
+    return groupMembership;
+  }
+
+  public void setGroupMembership(String groupMembership) {
+    this.groupMembership = groupMembership;
+  }
+}

apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/spi/configuration/LdapMappingProperties.java

+
+
+package com.ctrip.framework.apollo.portal.spi.configuration;
+
+/**
+ * the LdapMappingProperties description.
+ *
+ * @author wuzishu
+ */
+public class LdapMappingProperties {
+
+  /**
+   * user ldap objectClass
+   */
+  private String objectClass;
+
+  /**
+   * user login Id
+   */
+  private String loginId;
+
+  /**
+   * user rdn key
+   */
+  private String rdnKey;
+
+  /**
+   * user display name
+   */
+  private String userDisplayName;
+
+  /**
+   * email
+   */
+  private String email;
+
+  public String getObjectClass() {
+    return objectClass;
+  }
+
+  public void setObjectClass(String objectClass) {
+    this.objectClass = objectClass;
+  }
+
+  public String getLoginId() {
+    return loginId;
+  }
+
+  public void setLoginId(String loginId) {
+    this.loginId = loginId;
+  }
+
+  public String getRdnKey() {
+    return rdnKey;
+  }
+
+  public void setRdnKey(String rdnKey) {
+    this.rdnKey = rdnKey;
+  }
+
+  public String getUserDisplayName() {
+    return userDisplayName;
+  }
+
+  public void setUserDisplayName(String userDisplayName) {
+    this.userDisplayName = userDisplayName;
+  }
+
+  public String getEmail() {
+    return email;
+  }
+
+  public void setEmail(String email) {
+    this.email = email;
+  }
+}

apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/spi/ldap/ApolloLdapAuthenticationProvider.java

+
+
+package com.ctrip.framework.apollo.portal.spi.ldap;
+
+import com.ctrip.framework.apollo.portal.spi.configuration.LdapExtendProperties;
+import org.springframework.ldap.core.DirContextOperations;
+import org.springframework.security.authentication.BadCredentialsException;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.ldap.authentication.LdapAuthenticationProvider;
+import org.springframework.security.ldap.authentication.LdapAuthenticator;
+import org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator;
+import org.springframework.util.Assert;
+import org.springframework.util.StringUtils;
+
+/**
+ * Inherited from LdapAuthenticationProvider and rewritten the authenticate method,
+ * modified the userId used by the previous user input,
+ * changed to use the userId in the LDAP system.
+ *
+ * @author wuzishu
+ */
+public class ApolloLdapAuthenticationProvider extends LdapAuthenticationProvider {
+
+  private LdapExtendProperties properties;
+
+  public ApolloLdapAuthenticationProvider(
+      LdapAuthenticator authenticator,
+      LdapAuthoritiesPopulator authoritiesPopulator) {
+    super(authenticator, authoritiesPopulator);
+  }
+
+  public ApolloLdapAuthenticationProvider(
+      LdapAuthenticator authenticator) {
+    super(authenticator);
+  }
+
+  public ApolloLdapAuthenticationProvider(
+      LdapAuthenticator authenticator,
+      LdapAuthoritiesPopulator authoritiesPopulator,
+      LdapExtendProperties properties) {
+    super(authenticator, authoritiesPopulator);
+    this.properties = properties;
+  }
+
+  public ApolloLdapAuthenticationProvider(
+      LdapAuthenticator authenticator,
+      LdapExtendProperties properties) {
+    super(authenticator);
+    this.properties = properties;
+  }
+
+  @Override
+  public Authentication authenticate(Authentication authentication) throws AuthenticationException {
+    Assert.isInstanceOf(UsernamePasswordAuthenticationToken.class, authentication, this.messages
+        .getMessage("LdapAuthenticationProvider.onlySupports",
+            "Only UsernamePasswordAuthenticationToken is supported"));
+    UsernamePasswordAuthenticationToken userToken = (UsernamePasswordAuthenticationToken) authentication;
+    String username = userToken.getName();
+    String password = (String) authentication.getCredentials();
+    if (this.logger.isDebugEnabled()) {
+      this.logger.debug("Processing authentication request for user: " + username);
+    }
+
+    if (!StringUtils.hasLength(username)) {
+      throw new BadCredentialsException(
+          this.messages.getMessage("LdapAuthenticationProvider.emptyUsername", "Empty Username"));
+    } else if (!StringUtils.hasLength(password)) {
+      throw new BadCredentialsException(this.messages
+          .getMessage("AbstractLdapAuthenticationProvider.emptyPassword", "Empty Password"));
+    } else {
+      Assert.notNull(password, "Null password was supplied in authentication token");
+      DirContextOperations userData = this.doAuthentication(userToken);
+      String loginId = userData.getStringAttribute(properties.getMapping().getLoginId());
+      UserDetails user = this.userDetailsContextMapper.mapUserFromContext(userData, loginId,
+          this.loadUserAuthorities(userData, loginId, (String) authentication.getCredentials()));
+      return this.createSuccessfulAuthentication(userToken, user);
+    }
+  }
+}