
openldap,activedirectory密码验证支持

openldap,activedirectory密码验证支持,需要先完成用户同步
MaxKey 4 years ago
parent
commit
237ec64787

+ 6 - 0
maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/realm/AbstractAuthenticationRealm.java

@@ -54,6 +54,12 @@ public abstract class AbstractAuthenticationRealm {
     protected LoginHistoryService loginHistoryService;
 
     protected AbstractRemeberMeService remeberMeService;
+    
+    protected boolean ldapSupport;
+    
+    protected  AbstractAuthenticationRealm ldapAuthenticationRealm;
+    
+   
 
     /**
      * 
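Review bot: The two new fields on lines 19 and 21 carry no comment, yet their pairing is a contract the subclass relies on: `DefaultJdbcAuthenticationRealm.passwordMatches` dereferences `ldapAuthenticationRealm` whenever `ldapSupport` is true, with no null check. Add a Javadoc on the realm field such as `/** Realm that performs the password check when {@link #ldapSupport} is true; must be non-null in that case. */` and on the flag `/** When true, password verification is delegated to {@link #ldapAuthenticationRealm} instead of the local password hash. */`. The double space in `protected  AbstractAuthenticationRealm` and the whitespace-only lines 18, 20, 22 and 23 look like editor noise worth trimming. The class continues outside the hunk.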

+ 7 - 3
maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/realm/jdbc/DefaultJdbcAuthenticationRealm.java

@@ -53,9 +53,13 @@ public class DefaultJdbcAuthenticationRealm extends AbstractAuthenticationRealm
      */
     public boolean passwordMatches(UserInfo userInfo, String password) {
         boolean passwordMatches = false;
-        _logger.info("password : " 
-                + PasswordReciprocal.getInstance().rawPassword(userInfo.getUsername(), password));
-        passwordMatches = passwordEncoder.matches(password,userInfo.getPassword());
+        if(ldapSupport) {
+        	passwordMatches =this.ldapAuthenticationRealm.passwordMatches(userInfo, password);
+        }else {
+	        _logger.debug("password : " 
+	                + PasswordReciprocal.getInstance().rawPassword(userInfo.getUsername(), password));
+	        passwordMatches = passwordEncoder.matches(password,userInfo.getPassword());
+        }
         _logger.debug("passwordvalid : " + passwordMatches);
         if (!passwordMatches) {
             passwordPolicyValidator.setBadPasswordCount(userInfo);
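Review bot: Lines 41–42 still write the result of `PasswordReciprocal.getInstance().rawPassword(...)` — by its name the user's decoded password — to the log; the commit only lowers the level from info to debug, so any deployment that enables debug logging for this class records plaintext credentials for every local login. Remove the statement rather than re-level it; the existing `_logger.debug("passwordvalid : " + passwordMatches);` on line 45 already gives a maintainer the outcome without the secret. The LDAP branch on line 39 dereferences `this.ldapAuthenticationRealm` guarded only by `ldapSupport`, so a realm built with the flag on and a null delegate fails with a NullPointerException inside the login path; checking that pair once at construction would surface the misconfiguration at startup instead. passwordMatches's body continues past the hunk.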

+ 23 - 0
maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/realm/jdbc/JdbcAuthenticationRealm.java

@@ -17,6 +17,7 @@
 
 package org.maxkey.authn.realm.jdbc;
 
+import org.maxkey.authn.realm.AbstractAuthenticationRealm;
 import org.maxkey.authn.support.rememberme.AbstractRemeberMeService;
 import org.maxkey.persistence.db.LoginHistoryService;
 import org.maxkey.persistence.db.LoginService;
@@ -59,5 +60,27 @@ public class JdbcAuthenticationRealm extends DefaultJdbcAuthenticationRealm {
     }
     
     
+    public JdbcAuthenticationRealm(
+    		PasswordEncoder passwordEncoder,
+    		PasswordPolicyValidator passwordPolicyValidator,
+    		LoginService loginService,
+    		LoginHistoryService loginHistoryService,
+    		AbstractRemeberMeService remeberMeService,
+    	    JdbcTemplate jdbcTemplate,
+    	    AbstractAuthenticationRealm ldapAuthenticationRealm,
+    	    boolean ldapSupport
+    	    ) {
+    	
+    	this.passwordEncoder =passwordEncoder;
+    	this.passwordPolicyValidator=passwordPolicyValidator;
+    	this.loginService = loginService;
+    	this.loginHistoryService = loginHistoryService;
+    	this.remeberMeService = remeberMeService;
+        this.jdbcTemplate = jdbcTemplate;
+        this.ldapAuthenticationRealm = ldapAuthenticationRealm;
+        this.ldapSupport = ldapSupport;
+    }
+    
+    
 
 }
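Review bot: The new constructor on lines 64–83 repeats six field assignments that the existing constructor apparently already performs — the old-side call in MaxKeyConfig passes exactly those six arguments — so the body can delegate instead: `this(passwordEncoder, passwordPolicyValidator, loginService, loginHistoryService, remeberMeService, jdbcTemplate);` followed by the two new assignments. This is also the natural place to reject an inconsistent pair, since `DefaultJdbcAuthenticationRealm.passwordMatches` dereferences `ldapAuthenticationRealm` guarded only by `ldapSupport`: `if (ldapSupport) { Objects.requireNonNull(ldapAuthenticationRealm, "ldapAuthenticationRealm"); }`. Indentation on lines 65–82 mixes tabs and spaces; the existing constructor above the hunk would show which the file uses.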

+ 2 - 2
maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/realm/ldap/LdapServer.java

@@ -46,7 +46,7 @@ public final class LdapServer implements IAuthenticationServer {
 	 */
 	@Override
 	public boolean authenticate(String username, String password) {
-		String queryFilter = "("+filterAttribute+"="+username+")";
+		String queryFilter = String.format(filterAttribute, username);
 		_logger.info(" filter : " + queryFilter);
 		String dn="";
 		SearchControls constraints = new SearchControls();
@@ -69,7 +69,7 @@ public final class LdapServer implements IAuthenticationServer {
 		} catch (NamingException e) {
 			_logger.error("query throw NamingException:" + e.getMessage());
 		} finally {
-			ldapUtils.close();
+			//ldapUtils.close();
 		}
 		
 		LdapUtils ldapPassWordValid=new LdapUtils(ldapUtils.getProviderUrl(),dn,password);
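Review bot: `String.format(filterAttribute, username)` on line 97 inserts the caller-supplied username into the LDAP search filter unescaped, exactly as the concatenation it replaces did, so filter metacharacters in a login name change the meaning of the query rather than being matched literally; escape the value per RFC 4515 (backslash-hex-encode `\`, `*`, `(`, `)` and NUL) before formatting, and reject an empty username up front. The `finally` block on line 106 now comments out `ldapUtils.close()`, so the directory context opened for the search is no longer released on either the success or the NamingException path — presumably because `ldapUtils.getProviderUrl()` is still needed on line 109; if so, read the URL into a local before the search and restore the close. Logging the full filter at info on line 98 also writes every attempted login name to the log; debug is the better level. authenticate's body continues past the hunk.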

+ 3 - 3
maxkey-core/src/main/java/org/maxkey/persistence/ldap/LdapUtils.java

@@ -101,9 +101,9 @@ public class LdapUtils {
 
     // connect to ldap server
     public DirContext openConnection() {
-        _logger.info("PROVIDER_URL:" + providerUrl);
-        _logger.info("SECURITY_PRINCIPAL:" + principal);
-        _logger.info("SECURITY_CREDENTIALS:" + credentials);
+        _logger.debug("PROVIDER_URL:" + providerUrl);
+        _logger.debug("SECURITY_PRINCIPAL:" + principal);
+        _logger.trace("SECURITY_CREDENTIALS:" + credentials);
         // LDAP
         Properties props = new Properties();
         props.setProperty(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
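Review bot: Line 123 still writes the bind credential to the log, now at trace instead of info; a log level is not an access control, and trace is exactly what gets switched on when diagnosing the connection failures this method is involved in. Replace it with a presence check that never emits the value, `_logger.trace("SECURITY_CREDENTIALS:" + (credentials == null || credentials.isEmpty() ? "<empty>" : "[PROTECTED]"));`, or drop the line. The provider URL and principal on lines 121–122 are fine at debug. openConnection's body continues past the hunk.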

+ 60 - 39
maxkey-web-maxkey/src/main/java/org/maxkey/MaxKeyConfig.java

@@ -22,6 +22,7 @@ import java.util.List;
 import org.maxkey.authn.realm.jdbc.JdbcAuthenticationRealm;
 import org.maxkey.authn.realm.ldap.LdapAuthenticationRealm;
 import org.maxkey.authn.realm.ldap.LdapServer;
+import org.maxkey.authn.realm.AbstractAuthenticationRealm;
 import org.maxkey.authn.realm.IAuthenticationServer;
 import org.maxkey.authn.realm.activedirectory.ActiveDirectoryAuthenticationRealm;
 import org.maxkey.authn.realm.activedirectory.ActiveDirectoryServer;
@@ -45,7 +46,6 @@ import org.maxkey.persistence.db.PasswordPolicyValidator;
 import org.maxkey.persistence.ldap.ActiveDirectoryUtils;
 import org.maxkey.persistence.ldap.LdapUtils;
 import org.maxkey.persistence.redis.RedisConnectionFactory;
-import org.mybatis.spring.annotation.MapperScan;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.InitializingBean;
@@ -104,6 +104,48 @@ public class MaxKeyConfig  implements InitializingBean {
         return keyUriFormat;
     }
     
+    public AbstractAuthenticationRealm ldapAuthenticationRealm(
+    			boolean ldapSupport,
+    			boolean ldapJit,
+    			String providerUrl,
+    			String principal,
+    			String credentials,
+    			String filter,
+    			String baseDN,
+    			String domain,
+    			String product,
+                JdbcTemplate jdbcTemplate) {
+    	
+    	AbstractAuthenticationRealm authenticationRealm =null;
+    	if(ldapSupport) {
+	    	if(product.equalsIgnoreCase("activedirectory")) {
+	    		ActiveDirectoryAuthenticationRealm activeDirectoryAuthenticationRealm = new ActiveDirectoryAuthenticationRealm(jdbcTemplate);
+	            ActiveDirectoryServer ldapServer=new ActiveDirectoryServer();
+	            ActiveDirectoryUtils ldapUtils = new ActiveDirectoryUtils(providerUrl,principal,credentials,domain);
+	            ldapServer.setActiveDirectoryUtils(ldapUtils);
+	            
+	            List<IAuthenticationServer> ldapServers = new ArrayList<IAuthenticationServer>();
+	            ldapServers.add(ldapServer);
+	            activeDirectoryAuthenticationRealm.setActiveDirectoryServers(ldapServers);
+	            authenticationRealm = activeDirectoryAuthenticationRealm;
+	            _logger.debug("ActiveDirectoryAuthenticationRealm inited.");
+	    	}else {
+	    		LdapAuthenticationRealm ldapAuthenticationRealm = new LdapAuthenticationRealm(jdbcTemplate);
+		        LdapServer ldapServer=new LdapServer();
+		        LdapUtils ldapUtils = new LdapUtils(providerUrl,principal,credentials,baseDN);
+		        ldapServer.setLdapUtils(ldapUtils);
+		        ldapServer.setFilterAttribute(filter);
+		        List<IAuthenticationServer> ldapServers = new ArrayList<IAuthenticationServer>();
+		        ldapServers.add(ldapServer);
+		        ldapAuthenticationRealm.setLdapServers(ldapServers);
+		        authenticationRealm = ldapAuthenticationRealm;
+		        _logger.debug("LdapAuthenticationRealm inited.");
+	    	}
+    	}
+        return authenticationRealm;
+        
+    }
+    
     //可以在此实现其他的登陆认证方式,请实现AbstractAuthenticationRealm
     @Bean(name = "authenticationRealm")
     public JdbcAuthenticationRealm authenticationRealm(
@@ -112,7 +154,16 @@ public class MaxKeyConfig  implements InitializingBean {
 	    		LoginService loginService,
 	    		LoginHistoryService loginHistoryService,
 	    		AbstractRemeberMeService remeberMeService,
-                JdbcTemplate jdbcTemplate) {
+                JdbcTemplate jdbcTemplate,
+                @Value("${maxkey.support.ldap.enable:false}")boolean ldapSupport,
+    			@Value("${maxkey.support.ldap.jit:false}")boolean ldapJit,
+    			@Value("${maxkey.support.ldap.providerurl}")String providerUrl,
+    			@Value("${maxkey.support.ldap.principal}")String principal,
+    			@Value("${maxkey.support.ldap.credentials}")String credentials,
+    			@Value("${maxkey.support.ldap.filter}")String filter,
+    			@Value("${maxkey.support.ldap.basedn}")String baseDN,
+    			@Value("${maxkey.support.ldap.domain}")String domain,
+    			@Value("${maxkey.support.ldap.product:openldap}")String product) {
     	
         JdbcAuthenticationRealm authenticationRealm = new JdbcAuthenticationRealm(
         		passwordEncoder,
@@ -120,48 +171,18 @@ public class MaxKeyConfig  implements InitializingBean {
         		loginService,
         		loginHistoryService,
         		remeberMeService,
-        		jdbcTemplate);
+        		jdbcTemplate,
+        		ldapAuthenticationRealm(
+        				ldapSupport,ldapJit,
+        				providerUrl,principal,credentials,
+        				filter,baseDN,domain,product,
+        				jdbcTemplate),
+        		ldapSupport);
         
         return authenticationRealm;
     }
     
-    //LdapAuthenticationRealm
-    public LdapAuthenticationRealm ldapAuthenticationRealm(
-                JdbcTemplate jdbcTemplate) {
-        LdapAuthenticationRealm authenticationRealm = new LdapAuthenticationRealm(jdbcTemplate);
-        LdapServer ldapServer=new LdapServer();
-        String providerUrl = "ldap://localhost:389";
-        String principal = "cn=root";
-        String credentials = "maxkey";
-        String baseDN = "dc=maxkey,dc=top";
-        LdapUtils ldapUtils = new LdapUtils(providerUrl,principal,credentials,baseDN);
-        ldapServer.setLdapUtils(ldapUtils);
-        ldapServer.setFilterAttribute("uid");
-        List<IAuthenticationServer> ldapServers = new ArrayList<IAuthenticationServer>();
-        ldapServers.add(ldapServer);
-        authenticationRealm.setLdapServers(ldapServers);
-        _logger.debug("LdapAuthenticationRealm inited.");
-        return authenticationRealm;
-    }
     
-    //ActiveDirectoryAuthenticationRealm
-    public ActiveDirectoryAuthenticationRealm activeDirectoryAuthenticationRealm(
-                JdbcTemplate jdbcTemplate) {
-        ActiveDirectoryAuthenticationRealm authenticationRealm = new ActiveDirectoryAuthenticationRealm(jdbcTemplate);
-        ActiveDirectoryServer ldapServer=new ActiveDirectoryServer();
-        String providerUrl = "ldap://localhost:389";
-        String principal = "cn=root";
-        String credentials = "maxkey";
-        String domain = "maxkey";
-        ActiveDirectoryUtils ldapUtils = new ActiveDirectoryUtils(providerUrl,principal,credentials,domain);
-        ldapServer.setActiveDirectoryUtils(ldapUtils);
-        
-        List<IAuthenticationServer> ldapServers = new ArrayList<IAuthenticationServer>();
-        ldapServers.add(ldapServer);
-        authenticationRealm.setActiveDirectoryServers(ldapServers);
-        _logger.debug("LdapAuthenticationRealm inited.");
-        return authenticationRealm;
-    }
     
 	@Bean(name = "timeBasedOtpAuthn")
     public TimeBasedOtpAuthn timeBasedOtpAuthn() {
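Review bot: `@Value("${maxkey.support.ldap.domain}")` on line 209 has no default and neither properties file in this commit defines that key — both application-http.properties and application-https.properties add `maxkey.support.ldap.activedirectory.domain` instead — so, unless the project configures lenient placeholder resolution, the context is likely to fail at startup even with `maxkey.support.ldap.enable=false`; align the key and give it an empty default, `@Value("${maxkey.support.ldap.activedirectory.domain:}")String domain`. The `ldapJit` parameter is threaded into `ldapAuthenticationRealm(...)` (lines 151–191) but never read, and the `ssl`, `truststore` and `truststorepassword` properties are not consumed anywhere in this hunk, so either mark them with a TODO or add them together with the code that uses them. The factory returns null when `ldapSupport` is false, which is only safe because every consumer checks the same flag; documenting that on the method (`Returns null when LDAP support is disabled.`) would keep the next caller honest. The removed hard-coded `cn=root`/`maxkey` defaults were the right thing to delete.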

+ 17 - 1
maxkey-web-maxkey/src/main/resources/application-http.properties

@@ -208,7 +208,23 @@ maxkey.support.httpheader.headername=header-user
 ############################################################################
 
 maxkey.support.basic.enable=false
-
+############################################################################ 
+#                LDAP Login support configuration
+############################################################################
+maxkey.support.ldap.enable=false
+maxkey.support.ldap.jit=false
+#openldap,activedirectory,normal
+maxkey.support.ldap.product=openldap
+maxkey.support.ldap.ssl=false
+maxkey.support.ldap.providerurl=ldap://localhost:389
+maxkey.support.ldap.principal=cn=Manager,dc=maxcrc,dc=com
+maxkey.support.ldap.credentials=secret
+maxkey.support.ldap.basedn=dc=maxcrc,dc=com
+maxkey.support.ldap.filter=(uid=%s)
+maxkey.support.ldap.truststore=maxkey
+maxkey.support.ldap.truststorepassword=maxkey
+#activedirectory effective
+maxkey.support.ldap.activedirectory.domain=MAXKEY.ORG
 #############################################################################
 #                WsFederation Login support configuration
 #identifier: the identifer for the ADFS server
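Review bot: `maxkey.support.ldap.credentials=secret` on line 289 and `maxkey.support.ldap.truststorepassword=maxkey` on line 293 ship a directory bind password and a truststore password as literal values in a checked-in properties file; the same lines appear in application-https.properties (lines 318 and 322). Even as samples these tend to survive into deployments — prefer an environment placeholder with no default, for example `maxkey.support.ldap.credentials=${MAXKEY_LDAP_CREDENTIALS:}` (constructed name), so the secret lives outside the repository. The comment on line 284 lists `normal` as a product value, but the Java factory in this commit only distinguishes `activedirectory` from everything else, so `normal` behaves the same as `openldap`; either document that or drop it from the list.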

+ 18 - 0
maxkey-web-maxkey/src/main/resources/application-https.properties

@@ -215,6 +215,24 @@ maxkey.support.httpheader.headername=header-user
 ############################################################################
 
 maxkey.support.basic.enable=false
+############################################################################ 
+#                LDAP Login support configuration
+############################################################################
+
+maxkey.support.ldap.enable=false
+maxkey.support.ldap.jit=false
+#openldap,activedirectory,normal
+maxkey.support.ldap.product=openldap
+maxkey.support.ldap.ssl=false
+maxkey.support.ldap.providerurl=ldap://localhost:389
+maxkey.support.ldap.principal=cn=Manager,dc=maxcrc,dc=com
+maxkey.support.ldap.credentials=secret
+maxkey.support.ldap.basedn=dc=maxcrc,dc=com
+maxkey.support.ldap.filter=(uid=%s)
+maxkey.support.ldap.truststore=maxkey
+maxkey.support.ldap.truststorepassword=maxkey
+#activedirectory effective
+maxkey.support.ldap.activedirectory.domain=MAXKEY.ORG
 
 #############################################################################
 #                WsFederation Login support configuration