做番号网站违法么,专业找图片的网站,产品免费推广网站有哪些,上海关键词优化方法最近开发的应用需要外协人员实现登录认证#xff0c;外协人员的密码等信息已经录入到ldap, 需要连接ldap进行登录认证。下面先介绍一下登录的网络旅程图。 一.nginx实现AES加密
nginx请求处理入口#xff08;前端请求为json格式#xff09; location /aes {default_type te… 最近开发的应用需要外协人员实现登录认证外协人员的密码等信息已经录入到ldap, 需要连接ldap进行登录认证。下面先介绍一下登录的网络旅程图。 一.nginx实现AES加密
nginx请求处理入口前端请求为json格式 location /aes {default_type text/html;content_by_lua_block{local access_filter require resty.aes_authlocal r access_filter.aes_auth()ngx.header.content_type application/json; charsetUTF-8if r true then ngx.say([[{code:200,message:Certification successful!,data:true,logCode:null}]])else ngx.say([[{code:401,message:Authentication failed!,data:false,logCode:null }]])endngx.exit(200)}}openresty请求认证接口脚本
local aes require resty.aes
local cjson require(cjson.safe)
local http require(resty.http)
local key abcdefmJTNn}8Z#2
local iv 1234567890123456local _M {}
function _M.aes_auth()ngx.req.read_body()local args,err ngx.req.get_body_data()if (not args) or (err) thenreturn falseendlocal arg_json cjson.decode(args)local username arg_json.usernamelocal password arg_json.passwordif (not username) or (not password) thenreturn falseendlocal cript aes:new(key, nil, aes.cipher(128, cbc), {iviv, methodnil})local pwd cript:encrypt(password)if pwd thenpwd ngx.encode_base64(pwd)elsereturn falseendlocal httpc http.new()local requestBody {username username,password pwd}local json_body cjson.encode(requestBody)local resp,err httpc:request_uri(http://10.1.1.1:8080, {method POST,path /ldap/authUser,body json_body,headers { ---header参数[Content-Type] application/json;charsetUTF-8}})if err thenreturn falseendlocal result falseif resp thenlocal data cjson.decode(resp.body).dataif data thenresult dataendendreturn result
endreturn _M 二.应用服务调用ldap服务
引入依赖
!--ldap--
dependencygroupIdorg.springframework.boot/groupIdartifactIdspring-boot-starter-data-ldap/artifactIdversion2.3.12.RELEASE/version
/dependency
!--aes对称加密--
dependencygroupIdorg.bouncycastle/groupIdartifactIdbcprov-jdk15on/artifactIdversion1.56/version
/dependency
AES加密解密工具类需要注意的是nginx不支持PKCS5Padding填充方式。
package com.xxx.xxx.xxx.util;import java.nio.charset.StandardCharsets;
import java.security.Security;
import java.util.Base64;import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import lombok.extern.slf4j.Slf4j;
import org.junit.platform.commons.util.StringUtils;
import org.springframework.util.Base64Utils;/*** description:AES对称加密工具类** author: lgq* create: 2024-01-26 10:03*/
Slf4j
public class AESUtil {/*** 日志相关*//*** 编码*/private static final String ENCODING UTF-8;/*** 算法定义*/private static final String AES_ALGORITHM AES;/*** 指定填充方式*/private static final String CIPHER_PADDING AES/ECB/PKCS5Padding;//必须使用PKCS7Padding因为nginx不支持PKCS5Padding填充方式private static final String CIPHER_CBC_PADDING AES/CBC/PKCS7Padding;/*** 偏移量(CBC中使用增强加密算法强度)*/private static final String IV_SEED 1234567890123456;private static final String RANDOM_SECRET abcefmJTNn}8Z#2;static {// 指定使用bouncycastle包来加密, 引入目的就是为了支持AES/CBC/PKCS7PaddingSecurity.addProvider(new BouncyCastleProvider());}public static String getRandomSecret() {return RANDOM_SECRET;}/*** AES加密** param content 待加密内容* param aesKey 密码* return*/public static String encrypt(String content, String aesKey) {if (StringUtils.isBlank(content)) {log.info(AES encrypt: the content is null!);return null;}//判断秘钥是否为16位if (StringUtils.isNotBlank(aesKey) aesKey.length() 16) {try {//对密码进行编码byte[] bytes aesKey.getBytes(ENCODING);//设置加密算法生成秘钥SecretKeySpec skeySpec new SecretKeySpec(bytes, AES_ALGORITHM);// 算法/模式/补码方式Cipher cipher Cipher.getInstance(CIPHER_PADDING);//选择加密cipher.init(Cipher.ENCRYPT_MODE, skeySpec);//根据待加密内容生成字节数组byte[] encrypted cipher.doFinal(content.getBytes(ENCODING));//返回base64字符串return Base64Utils.encodeToString(encrypted);} catch (Exception e) {log.info(AES encrypt exception: e.getMessage());throw new RuntimeException(e);}} else {log.info(AES encrypt: the aesKey is null or error!);return null;}}/*** 解密** param content 待解密内容* param aesKey 密码* return*/public static String decrypt(String content, String aesKey) {if (StringUtils.isBlank(content)) {log.info(AES decrypt: the content is null!);return null;}//判断秘钥是否为16位if (StringUtils.isNotBlank(aesKey) aesKey.length() 16) {try {//对密码进行编码byte[] bytes aesKey.getBytes(ENCODING);//设置解密算法生成秘钥SecretKeySpec skeySpec new SecretKeySpec(bytes, AES_ALGORITHM);// 算法/模式/补码方式Cipher cipher Cipher.getInstance(CIPHER_PADDING);//选择解密cipher.init(Cipher.DECRYPT_MODE, skeySpec);//先进行Base64解码byte[] decodeBase64 Base64Utils.decodeFromString(content);//根据待解密内容进行解密byte[] decrypted cipher.doFinal(decodeBase64);//将字节数组转成字符串return new String(decrypted, ENCODING);} catch (Exception e) {log.info(AES decrypt exception: e.getMessage());throw new RuntimeException(e);}} else {log.info(AES decrypt: the aesKey is null or error!);return null;}}/*** AES_CBC加密** param content 待加密内容* param aesKey 密码* return*/public static String encryptCBC(String content, String aesKey) {if (StringUtils.isBlank(content)) {log.info(AES_CBC encrypt: the content is null!);return null;}//判断秘钥是否为16位if (StringUtils.isNotBlank(aesKey) aesKey.length() 16) {try {//对密码进行编码byte[] bytes aesKey.getBytes(ENCODING);//设置加密算法生成秘钥SecretKeySpec skeySpec new SecretKeySpec(bytes, AES_ALGORITHM);// 算法/模式/补码方式Cipher cipher Cipher.getInstance(CIPHER_CBC_PADDING);//偏移IvParameterSpec iv new IvParameterSpec(IV_SEED.getBytes(ENCODING));//选择加密cipher.init(Cipher.ENCRYPT_MODE, skeySpec, iv);//, iv//根据待加密内容生成字节数组byte[] encrypted cipher.doFinal(content.getBytes(ENCODING));//返回base64字符串return Base64Utils.encodeToString(encrypted);} catch (Exception e) {log.info(AES_CBC encrypt exception: e.getMessage());throw new RuntimeException(e);}} else {log.info(AES_CBC encrypt: the aesKey is null or error!);return null;}}/*** AES_CBC解密** param content 待解密内容* param aesKey 密码* return*/public static String decryptCBC(String content, String aesKey) {if (StringUtils.isBlank(content)) {log.info(AES_CBC decrypt: the content is null!);return null;}//判断秘钥是否为16位if (StringUtils.isNotBlank(aesKey) aesKey.length() 16) {try {//对密码进行编码byte[] bytes aesKey.getBytes(ENCODING);//设置解密算法生成秘钥SecretKeySpec skeySpec new SecretKeySpec(bytes, AES_ALGORITHM);//偏移IvParameterSpec iv new IvParameterSpec(IV_SEED.getBytes(ENCODING));// 算法/模式/补码方式Cipher cipher Cipher.getInstance(CIPHER_CBC_PADDING);//选择解密cipher.init(Cipher.DECRYPT_MODE, skeySpec, iv);//先进行Base64解码byte[] decodeBase64 Base64Utils.decodeFromString(content);//根据待解密内容进行解密byte[] decrypted cipher.doFinal(decodeBase64);//将字节数组转成字符串return new String(decrypted, ENCODING);} catch (Exception e) {log.info(AES_CBC decrypt exception: e.getMessage());throw new RuntimeException(e);}} else {log.info(AES_CBC decrypt: the aesKey is null or error!);return null;}}}
ladp配置类
package com.xxx.xxx.xxx.config;import javax.annotation.Resource;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.core.support.LdapContextSource;/*** description:LdapConfig** author: lgq* create: 2024-01-25 10:34*/
Configuration
public class LdapConfig {Resourceprivate LdapProperties ldapProperties;Beanpublic LdapTemplate ldapTemplate() {LdapContextSource contextSource new LdapContextSource();contextSource.setUrl(ldapProperties.getUrls());contextSource.setBase(ldapProperties.getBase());contextSource.setUserDn(ldapProperties.getUsername());contextSource.setPassword(ldapProperties.getPassword());contextSource.afterPropertiesSet();LdapTemplate ldapTemplate new LdapTemplate(contextSource);ldapTemplate.setIgnorePartialResultException(true);ldapTemplate.setDefaultTimeLimit(1000);ldapTemplate.setDefaultCountLimit(100);return ldapTemplate;}}package com.xxx.xxx.xxx.config;import lombok.Data;
import org.springframework.boot.context.properties.ConfigurationProperties;/*** description:ldapProperties** author: lgq* create: 2024-01-25 18:13*/
Data
ConfigurationProperties(prefix spring.ldap)
public class LdapProperties {/*** ldap服务地址*/private String urls;/*** 用户账号*/private String username;/*** 密码*/private String password;/*** base路径*/private String base;
}yml文件配置spring:profiles: prodapplication:name: service-xxxldap:urls: ldap://10.1.1.1:389password: xxxxxxxxusername: cnxxx.LDAP,ouxxx,ouxxx,dcxxx,dcxxxbase: dcxxx,dcxxx认证服务类
package com.xxx.xxx.xxx.service.impl;import java.nio.charset.StandardCharsets;
import java.util.Base64;import javax.annotation.Resource;import com.xxx.xxx.xxx.service.LdapService;
import com.xxx.xxx.xxx.util.AESUtil;import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang3.ObjectUtils;
import org.springframework.ldap.core.LdapTemplate;
import org.springframework.stereotype.Service;/*** description:LdapServiceImpl** author: lgq* create: 2024-01-26 09:26*/
Service
Slf4j
public class LdapServiceImpl implements LdapService {Resourceprivate LdapTemplate ldapTemplate;/*** 验证登录用户的账号密码是否正确* param username* param password* return*/Overridepublic boolean authLoginUser(String username, String password) {if (ObjectUtils.isEmpty(username) || ObjectUtils.isEmpty(password)) {return false;}/*** aes对password进行解密*/String content AESUtil.decryptCBC(password, AESUtil.getRandomSecret());if (ObjectUtils.isEmpty(content)) {return false;}String baseDn ;String filter sAMAccountName username;boolean result false;try {result ldapTemplate.authenticate(baseDn, filter, content);} catch (Exception ex) {log.error(ex.getMessage(), ex);} catch (Error er) {log.error(er.getMessage(), er);}return result;}}
