From 0d13c4831901b96de4a0d1516da9b6675a7853a0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E2=80=9Caaron=E2=80=9D?= <757230079@qq.com>
Date: Mon, 2 Aug 2021 11:45:43 +0800
Subject: [PATCH] For #756
---
 .../authentication/LoginAuthentication.java | 33 +++++++++++++++
 .../admin/controller/UserController.java | 42 +++++++++++++++----
 2 files changed, 66 insertions(+), 9 deletions(-)
 create mode 100644 dubbo-admin-server/src/main/java/org/apache/dubbo/admin/authentication/LoginAuthentication.java
diff --git a/dubbo-admin-server/src/main/java/org/apache/dubbo/admin/authentication/LoginAuthentication.java b/dubbo-admin-server/src/main/java/org/apache/dubbo/admin/authentication/LoginAuthentication.java
new file mode 100644
index 000000000..c9445e604
--- /dev/null
+++ b/dubbo-admin-server/src/main/java/org/apache/dubbo/admin/authentication/LoginAuthentication.java
@@ -0,0 +1,33 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.dubbo.admin.authentication;
+
+import org.apache.dubbo.common.extension.SPI;
+
+import javax.servlet.http.HttpServletRequest;
+
+/**
+ * Logon permission authentication
+ *
+ */
+@SPI
+public interface LoginAuthentication {
+
+ boolean authentication(HttpServletRequest request, String userName, String password);
+
+}
diff --git a/dubbo-admin-server/src/main/java/org/apache/dubbo/admin/controller/UserController.java b/dubbo-admin-server/src/main/java/org/apache/dubbo/admin/controller/UserController.java
index 84a794030..82e503133 100644
--- a/dubbo-admin-server/src/main/java/org/apache/dubbo/admin/controller/UserController.java
+++ b/dubbo-admin-server/src/main/java/org/apache/dubbo/admin/controller/UserController.java
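Review bot: `LoginAuthentication.authentication` has no documented contract; the Javadoc says only "Logon permission authentication", although implementations loaded through `@SPI` decide whether a login succeeds. Add Javadoc on the method stating that `true` means the credentials were accepted and `false` means they were rejected, that `userName` and `password` come straight from request parameters and may be blank, and that an implementation should return `false` rather than throw when it cannot decide. It is also worth recording that the caller in UserController requires every registered implementation to return `true`.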
@@ -17,8 +17,10 @@
 package org.apache.dubbo.admin.controller;
 import org.apache.dubbo.admin.annotation.Authority;
+import org.apache.dubbo.admin.authentication.LoginAuthentication;
 import org.apache.commons.lang3.StringUtils;
+import org.apache.dubbo.common.extension.ExtensionLoader;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.scheduling.annotation.Scheduled;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -29,8 +31,10 @@
 import org.springframework.web.context.request.ServletRequestAttributes;
 import javax.servlet.http.HttpServletRequest;
+import java.util.Iterator;
 import java.util.Map;
 import java.util.Objects;
+import java.util.Set;
 import java.util.UUID;
 import java.util.concurrent.ConcurrentHashMap;
@@ -49,15 +53,26 @@ public class UserController {
 private long sessionTimeoutMilli;
 @RequestMapping(value = "/login", method = RequestMethod.GET)
- public String login(@RequestParam String userName, @RequestParam String password) {
- if (StringUtils.isBlank(rootUserName) || (rootUserName.equals(userName) && rootUserPassword.equals(password))) {
- UUID uuid = UUID.randomUUID();
- String token = uuid.toString();
- User user = new User();
- user.setUserName(userName);
- user.setLastUpdateTime(System.currentTimeMillis());
- tokenMap.put(token, user);
- return token;
+ public String login(HttpServletRequest httpServletRequest, @RequestParam String userName, @RequestParam String password) {
+ ExtensionLoader extensionLoader = ExtensionLoader.getExtensionLoader(LoginAuthentication.class);
+ Set supportedExtensionInstances = extensionLoader.getSupportedExtensionInstances();
+ Iterator iterator = supportedExtensionInstances.iterator();
+ boolean flag = true;
+ if (iterator == null) {
+ if (StringUtils.isBlank(rootUserName) || (rootUserName.equals(userName) && rootUserPassword.equals(password))) {
+ return creatToken(rootUserName);
+ }
+ }
+ while (iterator.hasNext()) {
+ LoginAuthentication loginAuthentication = iterator.next();
+ boolean b = loginAuthentication.authentication(httpServletRequest, userName, password);
+ flag = b & flag;
+ if (flag == false) {
+ break;
+ }
+ }
+ if (flag) {
+ return creatToken(userName);
 }
 return null;
 }
@@ -97,4 +112,13 @@ public void setLastUpdateTime(long lastUpdateTime) {
 }
 }
+ public String creatToken(String userName) {
+ UUID uuid = UUID.randomUUID();
+ String token = uuid.toString();
+ User user = new User();
+ user.setUserName(userName);
+ user.setLastUpdateTime(System.currentTimeMillis());
+ tokenMap.put(token, user);
+ return token;
+ }
 }
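Review bot: With no LoginAuthentication extension registered, `login` appears to issue a token for any userName and password: `supportedExtensionInstances.iterator()` never returns null, so the `if (iterator == null)` branch holding the root-account check is unreachable, the `while` loop is skipped for an empty set, and `flag` is still `true` at `if (flag)`. This assumes `getSupportedExtensionInstances()` returns an empty set in that case, which should be confirmed. Test the set for emptiness instead, return `null` when the root check fails, and reject on the first extension that says no rather than starting from `flag = true`. The raw `Set` and `Iterator` declarations look like type arguments lost in this rendering; the sketch below assumes `Set<LoginAuthentication>`.

```java
public String login(HttpServletRequest httpServletRequest, @RequestParam String userName, @RequestParam String password) {
    // … unchanged: ExtensionLoader lookup that fills supportedExtensionInstances …
    if (supportedExtensionInstances == null || supportedExtensionInstances.isEmpty()) {
        // No extension registered: the configured root account is the only way in.
        if (StringUtils.isBlank(rootUserName) || (rootUserName.equals(userName) && rootUserPassword.equals(password))) {
            return creatToken(rootUserName);
        }
        return null;
    }
    // Deny as soon as any registered extension rejects the credentials.
    for (LoginAuthentication loginAuthentication : supportedExtensionInstances) {
        if (!loginAuthentication.authentication(httpServletRequest, userName, password)) {
            return null;
        }
    }
    return creatToken(userName);
}
```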
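Review bot: `creatToken` is declared `public` on the controller although it mints a session token for whatever user name it is given, with no credential check of its own. Nothing in this patch calls it from outside `login`, so `private String creatToken(String userName) {` keeps token issuance behind the authentication path. A one-line comment such as `// Caller must have authenticated userName before calling.` would record that precondition. The name also reads as a typo for `createToken`, which is cheapest to correct before other callers appear.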