update

2026-05-17 20:57:51 +00:00 · 2025-03-10 12:42:13 +08:00
parent 3c46fad829
commit dd98ff2b10
9 changed files with 201 additions and 83 deletions
--- a/modules/core/src/main/java/com/bytedesk/core/rbac/auth/AuthEntryPoint.java
+++ b/modules/core/src/main/java/com/bytedesk/core/rbac/auth/AuthEntryPoint.java
@@ -2,7 +2,7 @@
 * @Author: jackning 270580156@qq.com
 * @Date: 2024-01-29 12:45:01
 * @LastEditors: jackning 270580156@qq.com
- * @LastEditTime: 2024-11-12 14:32:01
+ * @LastEditTime: 2025-03-10 12:24:39
 * @Description: bytedesk.com https://github.com/Bytedesk/bytedesk
 *   Please be aware of the BSL license restrictions before installing Bytedesk IM – 
 *  selling, reselling, or hosting Bytedesk IM as a service is a breach of the terms and automatically terminates your rights under the license. 
--- a/modules/core/src/main/java/com/bytedesk/core/rbac/auth/ldap/LdapSecurityConfig.java
+++ b/modules/core/src/main/java/com/bytedesk/core/rbac/auth/ldap/LdapSecurityConfig.java
@@ -0,0 +1,72 @@
+/*
+ * @Author: jackning 270580156@qq.com
+ * @Date: 2025-03-10 12:25:11
+ * @LastEditors: jackning 270580156@qq.com
+ * @LastEditTime: 2025-03-10 12:38:51
+ * @Description: bytedesk.com https://github.com/Bytedesk/bytedesk
+ *   Please be aware of the BSL license restrictions before installing Bytedesk IM – 
+ *  selling, reselling, or hosting Bytedesk IM as a service is a breach of the terms and automatically terminates your rights under the license. 
+ *  Business Source License 1.1: https://github.com/Bytedesk/bytedesk/blob/main/LICENSE 
+ *  contact: 270580156@qq.com 
+ * 
+ * Copyright (c) 2025 by bytedesk.com, All Rights Reserved. 
+ */
+package com.bytedesk.core.rbac.auth.ldap;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.ldap.core.LdapTemplate;
+import org.springframework.ldap.core.support.LdapContextSource;
+import org.springframework.security.authentication.AuthenticationProvider;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.authentication.configuration.GlobalAuthenticationConfigurerAdapter;
+import org.springframework.security.ldap.authentication.BindAuthenticator;
+import org.springframework.security.ldap.authentication.LdapAuthenticationProvider;
+import org.springframework.security.ldap.search.FilterBasedLdapUserSearch;
+import org.springframework.security.ldap.userdetails.LdapUserDetailsMapper;
+
+@Configuration
+public class LdapSecurityConfig extends GlobalAuthenticationConfigurerAdapter {
+
+    @Override
+    public void init(AuthenticationManagerBuilder auth) throws Exception {
+        auth.authenticationProvider(ldapAuthenticationProvider());
+    }
+
+    @Bean
+    public AuthenticationProvider ldapAuthenticationProvider() {
+        LdapAuthenticationProvider provider = new LdapAuthenticationProvider(bindAuthenticator());
+        provider.setUserDetailsContextMapper(new LdapUserDetailsMapper());
+        return provider;
+    }
+
+    @Bean
+    public BindAuthenticator bindAuthenticator() {
+        BindAuthenticator authenticator = new BindAuthenticator(contextSource());
+        authenticator.setUserSearch(userSearch());
+        return authenticator;
+    }
+
+    @Bean
+    public FilterBasedLdapUserSearch userSearch() {
+        return new FilterBasedLdapUserSearch(
+            "${spring.ldap.base}", // 搜索基础
+            "(uid={0})",          // 用户搜索过滤器
+            contextSource());
+    }
+
+    @Bean
+    public LdapContextSource contextSource() {
+        LdapContextSource contextSource = new LdapContextSource();
+        contextSource.setUrl("${spring.ldap.urls}");
+        contextSource.setBase("${spring.ldap.base}");
+        contextSource.setUserDn("${spring.ldap.username}");
+        contextSource.setPassword("${spring.ldap.password}");
+        return contextSource;
+    }
+
+    @Bean
+    public LdapTemplate ldapTemplate() {
+        return new LdapTemplate(contextSource());
+    }
+} 
--- a/modules/core/src/main/java/com/bytedesk/core/rbac/auth/ldap/LdapUserService.java
+++ b/modules/core/src/main/java/com/bytedesk/core/rbac/auth/ldap/LdapUserService.java
@@ -0,0 +1,19 @@
+package com.bytedesk.core.rbac.auth.ldap;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.ldap.core.LdapTemplate;
+import org.springframework.ldap.filter.EqualsFilter;
+import org.springframework.ldap.filter.Filter;
+import org.springframework.stereotype.Service;
+
+@Service
+public class LdapUserService {
+
+    @Autowired
+    private LdapTemplate ldapTemplate;
+
+    public boolean authenticate(String username, String password) {
+        Filter filter = new EqualsFilter("uid", username);
+        return ldapTemplate.authenticate("", filter.encode(), password);
+    }
+}