6.4.2.1. 引入类库

从 http://www.ioplex.com 下载这个库,然后把这个 JAR 上传到 build.gradle 脚本中注册的某个仓库中。仓库可以是 mavenLocal() 或者内部仓库(私仓)。该下载地址使用明文 HTTP,上传到仓库之前建议先通过可信渠道核对 JAR 的完整性。

在 build.gradle 的 web 模块配置部分添加以下依赖:

  1. configure(webModule) {
  2. ...
  3. dependencies {
  4. compile('com.company.thirdparty:jespa:1.1.17') // from a custom repository: the Jespa JAR uploaded by hand in the previous step
  5. compile('jcifs:jcifs:1.3.17') // from Maven Central
  6. ...

在 web 模块中创建一个 CubaAuthProvider 的实现类:

  1. package com.company.sample.web;
  2. import com.haulmont.cuba.core.global.AppBeans;
  3. import com.haulmont.cuba.core.global.Configuration;
  4. import com.haulmont.cuba.core.global.GlobalConfig;
  5. import com.haulmont.cuba.core.global.Messages;
  6. import com.haulmont.cuba.core.sys.AppContext;
  7. import com.haulmont.cuba.security.global.LoginException;
  8. import com.haulmont.cuba.web.auth.CubaAuthProvider;
  9. import com.haulmont.cuba.web.auth.DomainAliasesResolver;
  10. import jespa.http.HttpSecurityService;
  11. import jespa.ntlm.NtlmSecurityProvider;
  12. import jespa.security.PasswordCredential;
  13. import jespa.security.SecurityProviderException;
  14. import org.apache.commons.lang.StringUtils;
  15. import org.apache.commons.logging.Log;
  16. import org.apache.commons.logging.LogFactory;
  17. import javax.inject.Inject;
  18. import javax.servlet.*;
  19. import javax.servlet.http.HttpServletRequest;
  20. import java.io.IOException;
  21. import java.util.HashMap;
  22. import java.util.Locale;
  23. import java.util.Map;
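  /**
   * Authentication provider for the web module that hands Windows domain credentials to the
   * Jespa library.
   *
   * <p>The class plays two roles: as a servlet filter it forwards requests to
   * {@link HttpSecurityService}, and as a {@link CubaAuthProvider} it checks an explicit
   * login/password pair through an {@link NtlmSecurityProvider}.
   *
   * <p>Domain settings are read from the {@code cuba.web.activeDirectoryDomains} application
   * property. Each definition is separated by {@code ;} and consists of four {@code |}-separated
   * fields: domain name, bind string, service account name, service account password.
   *
   * <p>NOTE(review): {@code domains} and {@code defaultDomain} are static, unsynchronized and
   * rewritten by every call to {@link #initDomains()} (which the public getters trigger), while
   * {@link #authenticate} reads them on request threads. Confirm that the getters are only used
   * during filter initialization.
   */
  public class JespaAuthProvider extends HttpSecurityService implements CubaAuthProvider {

      /** Connection settings of a single Active Directory domain. */
      private static class DomainInfo {
          private final String bindStr;
          private final String acctName;
          // Service account secret: keep it out of log output and exception messages.
          private final String acctPassword;

          private DomainInfo(String bindStr, String acctName, String acctPassword) {
              this.acctName = acctName;
              this.acctPassword = acctPassword;
              this.bindStr = bindStr;
          }
      }

      // Keyed by the domain name exactly as written in cuba.web.activeDirectoryDomains.
      private static final Map<String, DomainInfo> domains = new HashMap<>();
      // Name of the first domain definition in the property, or null when none was parsed.
      private static String defaultDomain;

      private final Log log = LogFactory.getLog(getClass());

      @Inject
      private Configuration configuration;

      @Inject
      private Messages messages;

      /**
       * Initializes the underlying Jespa HTTP security service with the settings of the default
       * domain.
       *
       * @param filterConfig servlet filter configuration; not read by this implementation
       * @throws ServletException if Jespa rejects the assembled properties
       */
      @SuppressWarnings("deprecation")
      @Override
      public void init(FilterConfig filterConfig) throws ServletException {
          initDomains();

          // This map holds the service account password; do not dump it to logs when debugging.
          Map<String, String> properties = new HashMap<>();
          properties.put("jespa.bindstr", getBindStr());
          properties.put("jespa.service.acctname", getAcctName());
          properties.put("jespa.service.password", getAcctPassword());
          properties.put("jespa.account.canonicalForm", "3");
          properties.put("jespa.log.path",
                  configuration.getConfig(GlobalConfig.class).getLogDir() + "/jespa.log");
          properties.put("http.parameter.anonymous.name", "anon");
          // Application properties named jespa.* are applied last and replace the values above.
          fillFromSystemProperties(properties);

          try {
              super.init(properties);
          } catch (SecurityProviderException e) {
              throw new ServletException(e);
          }
      }

      @Override
      public void destroy() {
          // Nothing to release.
      }

      /**
       * Runs the Jespa filter for the request, except for Gecko browsers that do not report
       * Windows in their User-Agent, which go straight down the filter chain.
       *
       * <p>The User-Agent header is supplied by the client, so this branch is a compatibility
       * shortcut and not an access decision: a request that takes it has not been authenticated
       * here, and whatever follows in the chain must still require a login.
       */
      @Override
      public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
              throws IOException, ServletException {
          HttpServletRequest httpServletRequest = (HttpServletRequest) request;
          String userAgent = httpServletRequest.getHeader("User-Agent");
          if (userAgent != null) {
              // Locale.ROOT keeps the comparison independent of the server's default locale
              // (a Turkish default locale lower-cases 'I' to a dotless 'ı').
              String ua = userAgent.toLowerCase(Locale.ROOT);
              boolean windows = ua.contains("windows");
              boolean gecko = ua.contains("gecko") && !ua.contains("webkit");
              if (!windows && gecko) {
                  chain.doFilter(request, response);
                  return;
              }
          }
          super.doFilter(request, response, chain);
      }

      /**
       * Verifies a login/password pair against the domain named in the login.
       *
       * @param login    either {@code user@domainAlias} or {@code domainAlias\user}; the full
       *                 string is passed to Jespa as the user name
       * @param password password entered by the user
       * @param loc      user locale; not read by this implementation
       * @throws LoginException if the login has no domain part, the domain is not configured,
       *                        an argument is missing, or Jespa rejects the credentials
       */
      @Override
      public void authenticate(String login, String password, Locale loc) throws LoginException {
          if (login == null) {
              throw new LoginException("Invalid name: %s", login);
          }
          if (password == null) {
              throw new LoginException("Authentication error: %s", "password is not set");
          }

          DomainAliasesResolver aliasesResolver = AppBeans.get(DomainAliasesResolver.NAME);

          String domainAlias;
          int atSignPos = login.indexOf("@");
          if (atSignPos >= 0) {
              domainAlias = login.substring(atSignPos + 1);
          } else {
              int slashPos = login.indexOf('\\');
              if (slashPos <= 0) {
                  throw new LoginException("Invalid name: %s", login);
              }
              domainAlias = login.substring(0, slashPos);
          }

          // NOTE(review): it is not visible here whether the resolver can return null for an
          // unknown alias; the guard turns that case into a LoginException instead of an NPE.
          String resolvedName = aliasesResolver.getDomainName(domainAlias);
          if (resolvedName == null) {
              throw new LoginException("Unknown domain: %s", domainAlias);
          }
          // The lookup key is upper-cased, while initDomains() stores names as configured, so a
          // domain written in lower case in the property will not be found here.
          String domain = resolvedName.toUpperCase(Locale.ROOT);

          DomainInfo domainInfo = domains.get(domain);
          if (domainInfo == null) {
              throw new LoginException("Unknown domain: %s", domain);
          }

          Map<String, String> params = new HashMap<>();
          params.put("bindstr", domainInfo.bindStr);
          params.put("service.acctname", domainInfo.acctName);
          params.put("service.password", domainInfo.acctPassword);
          params.put("account.canonicalForm", "3");
          fillFromSystemProperties(params);

          NtlmSecurityProvider provider = new NtlmSecurityProvider(params);
          try {
              PasswordCredential credential = new PasswordCredential(login, password.toCharArray());
              provider.authenticate(credential);
          } catch (SecurityProviderException e) {
              // The LoginException below carries only the message text, so the stack trace is
              // recorded here. Only the already validated domain name is logged, never the
              // user-typed login or the password.
              log.warn("Jespa authentication failed for domain " + domain, e);
              // NOTE(review): the provider's message reaches the caller; confirm it does not let
              // a client tell an unknown account from a wrong password.
              throw new LoginException("Authentication error: %s", e.getMessage());
          }
      }

      /**
       * Parses {@code cuba.web.activeDirectoryDomains} into {@code domains} and remembers the
       * first definition as the default domain. Parsing stops at the first malformed definition.
       */
      private void initDomains() {
          String domainsStr = AppContext.getProperty("cuba.web.activeDirectoryDomains");
          if (StringUtils.isBlank(domainsStr)) {
              return;
          }

          String[] definitions = domainsStr.split(";");
          for (int i = 0; i < definitions.length; i++) {
              String definition = definitions[i].trim();
              if (StringUtils.isBlank(definition)) {
                  continue;
              }

              String[] parts = definition.split("\\|");
              if (parts.length != 4) {
                  // The raw definition contains the service account password, so only its
                  // position and field count go to the log.
                  log.error("Invalid ActiveDirectory domain definition at position " + (i + 1)
                          + ": expected 4 '|'-separated fields, found " + parts.length);
                  break;
              }

              domains.put(parts[0], new DomainInfo(parts[1], parts[2], parts[3]));
              if (i == 0) {
                  defaultDomain = parts[0];
              }
          }
      }

      /** Returns the name of the first configured domain, or an empty string if there is none. */
      public String getDefaultDomain() {
          return defaultDomain != null ? defaultDomain : "";
      }

      /** Returns the bind string of the default domain, or an empty string if there is none. */
      public String getBindStr() {
          return getBindStr(getDefaultDomain());
      }

      /**
       * Returns the bind string of the given domain.
       *
       * @param domain domain name as written in the application property
       * @return the bind string, or an empty string for an unknown domain
       */
      public String getBindStr(String domain) {
          initDomains();
          DomainInfo domainInfo = domains.get(domain);
          return domainInfo != null ? domainInfo.bindStr : "";
      }

      /** Returns the service account name of the default domain, or an empty string. */
      public String getAcctName() {
          return getAcctName(getDefaultDomain());
      }

      /**
       * Returns the service account name of the given domain.
       *
       * @param domain domain name as written in the application property
       * @return the account name, or an empty string for an unknown domain
       */
      public String getAcctName(String domain) {
          initDomains();
          DomainInfo domainInfo = domains.get(domain);
          return domainInfo != null ? domainInfo.acctName : "";
      }

      /**
       * Returns the service account password of the default domain, or an empty string.
       * The value is a secret: callers must not log or display it.
       */
      public String getAcctPassword() {
          return getAcctPassword(getDefaultDomain());
      }

      /**
       * Returns the service account password of the given domain.
       * The value is a secret: callers must not log or display it.
       *
       * @param domain domain name as written in the application property
       * @return the password, or an empty string for an unknown domain
       */
      public String getAcctPassword(String domain) {
          initDomains();
          DomainInfo domainInfo = domains.get(domain);
          return domainInfo != null ? domainInfo.acctPassword : "";
      }

      /**
       * Copies every application property whose name starts with {@code jespa.} into the given
       * map, replacing entries that already use the same key.
       *
       * @param params map to fill; modified in place
       */
      public void fillFromSystemProperties(Map<String, String> params) {
          for (String name : AppContext.getPropertyNames()) {
              if (name.startsWith("jespa.")) {
                  params.put(name, AppContext.getProperty(name));
              }
          }
      }
  }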