增加LDAP认证，如果LDAP认证不通过，则验证本地用户名密码（用户与OA同步待增加）

2021-07-07 16:04:49 +08:00 · 2021-07-07 16:04:49 +08:00 · acd5aed95b
parent 07d9c2641d
commit acd5aed95b
3 changed files with 25 additions and 1 deletions
--- a/ruoyi-admin/src/main/resources/application.yml
+++ b/ruoyi-admin/src/main/resources/application.yml
@ -69,6 +69,12 @@ spring:
    restart:
      # 热部署开关
      enabled: true
+  #ldap
+  ldap:
+    urls: ldap://192.168.2.10:389
+    base: OU=bp,DC=bpsemi,DC=com
+    username: administrator@bpsemi.com
+    password: Bps@2831!

 # MyBatis
 mybatis:
--- a/ruoyi-framework/pom.xml
+++ b/ruoyi-framework/pom.xml
@ -77,6 +77,12 @@
            <artifactId>ruoyi-system</artifactId>
        </dependency>

+        <!--ldap-->
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-data-ldap</artifactId>
+        </dependency>
+
    </dependencies>

 </project>
--- a/ruoyi-framework/src/main/java/com/ruoyi/framework/shiro/service/SysPasswordService.java
+++ b/ruoyi-framework/src/main/java/com/ruoyi/framework/shiro/service/SysPasswordService.java
@ -7,6 +7,8 @@ import org.apache.shiro.cache.CacheManager;
 import org.apache.shiro.crypto.hash.Md5Hash;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
+import org.springframework.ldap.core.LdapTemplate;
+import org.springframework.ldap.filter.EqualsFilter;
 import org.springframework.stereotype.Component;
 import com.ruoyi.common.constant.Constants;
 import com.ruoyi.common.constant.ShiroConstants;
@ -28,6 +30,9 @@ public class SysPasswordService
    @Autowired
    private CacheManager cacheManager;

+    @Autowired
+    private LdapTemplate ldapTemplate;
+
    private Cache<String, AtomicInteger> loginRecordCache;

    @Value(value = "${user.password.maxRetryCount}")
@ -70,7 +75,14 @@ public class SysPasswordService

    public boolean matches(SysUser user, String newPassword)
    {
-        return user.getPassword().equals(encryptPassword(user.getLoginName(), newPassword, user.getSalt()));
+        //增加LDAP认证，如果LDAP认证不通过，则验证本地用户名密码 --yangbo 2021/7/7
+            EqualsFilter filter = new EqualsFilter("sAMAccountName", user.getLoginName());
+            Boolean result = ldapTemplate.authenticate("", filter.toString(), newPassword);
+            if(!result)
+            {
+            return user.getPassword().equals(encryptPassword(user.getLoginName(), newPassword, user.getSalt()));
+            }
+            return result;
    }

    public void clearLoginRecordCache(String loginName)