apolloconfig / apollo

Apollo is a reliable configuration management system suitable for microservice configuration management scenarios.
https://www.apolloconfig.com
Apache License 2.0

When apollo-portal logs in via Keycloak, can the username in the users table be customized? #5022

Closed chinaliuhan closed 6 months ago

chinaliuhan commented 7 months ago

When apollo-portal logs in via Keycloak, can the username in the users table be customized? The username seems to default to the Keycloak id; can it use the Keycloak username instead?

dosubot[bot] commented 7 months ago

🤖

Hello @chinaliuhan,

I'm Dosu, a friendly bot here to help you with your questions, bugs, and contributions to the Apollo repository. While we're waiting for a human maintainer to assist further, I'm here to provide help where I can. Let's get started on resolving your issue together!

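Yes, when logging in to Apollo-portal with Keycloak, the username in the users table can be customized. This can be done by implementing the SPI that Apollo defines for decoupling.

For example, in the context of LDAP, the username can be customized by changing the loginId property in the ldap.mapping section of the application-ldap.yml configuration file. This property is used as the login id.

Here is an example:

ldap:
  mapping: # configure ldap attributes
    loginId: "uid" # ldap user unique id, used as the login id

In this example, loginId is set to "uid", which means the LDAP user unique id will be used as the username in Apollo. You can replace "uid" with any valid LDAP attribute that you want to use as the username.

Please note that the actual implementation may differ depending on the specific authentication method you use (LDAP, OIDC, etc.).

In the Apollo codebase, the Keycloak integration is implemented using the Spring Security OAuth2 client. This configuration is found in the application-oidc-sample.yml file.

When logging in to Apollo-portal with Keycloak, the username in the users table is determined by the userId of the UserInfo object. This can be seen in the createLocalUser method of the OidcLocalUserServiceImpl class, where a new User object is created with newUserInfo.getUserId() as the username.

Here is the relevant code: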

@Transactional(rollbackFor = Exception.class)
@Override
public void createLocalUser(UserInfo newUserInfo) {
  UserDetails user = new User(newUserInfo.getUserId(),
      this.placeholderDelegatingPasswordEncoder.encode(""), authorities);
  userDetailsManager.createUser(user);
  this.updateUserInfoInternal(newUserInfo);
}

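In this method, newUserInfo.getUserId() is used as the username when creating the new UserDetails object. This UserDetails object is then passed to userDetailsManager.createUser(user), which likely creates a new user in the users table with the provided username.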

This response is meant to be useful and save you time. It is not meant to be a precise solution, but rather a starting point for your own research.

Help me be more useful! Please leave a 👍 if this is helpful and 👎 if it is irrelevant.

If you want to continue the conversation, start your reply with @dosu-bot.

chinaliuhan commented 7 months ago

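First of all, thank you for your help. I did not see any related configuration for OIDC in the wiki. Does OIDC support this?

mapping: # configure ldap attributes
    loginId: "uid" # ldap user unique id, used as the login id

dosubot[bot] commented 7 months ago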

🤖

Based on the current implementation of Apollo, it does not support customization of the username in the users table when using OIDC for authentication. The username is directly derived from the userId attribute of the UserInfo object in the createLocalUser and updateUserInfoInternal methods. Here is the relevant code:

public void createLocalUser(UserInfo newUserInfo) {
    UserDetails user = new User(newUserInfo.getUserId(),
        this.placeholderDelegatingPasswordEncoder.encode(""), authorities);
    userDetailsManager.createUser(user);
    this.updateUserInfoInternal(newUserInfo);
}

private void updateUserInfoInternal(UserInfo newUserInfo) {
    UserPO managedUser = userRepository.findByUsername(newUserInfo.getUserId());
    if (!StringUtils.isBlank(newUserInfo.getEmail())) {
      managedUser.setEmail(newUserInfo.getEmail());
    }
    if (!StringUtils.isBlank(newUserInfo.getName())) {
      managedUser.setUserDisplayName(newUserInfo.getName());
    }
    userRepository.save(managedUser);
}

In both methods, the newUserInfo.getUserId() is used to set the username in the User object and to find the user in the UserRepository. There is no code that allows for the customization of the username.

Regarding your question about a configuration file similar to application-ldap.yml for OIDC, there is indeed a configuration file for OIDC named application-oidc-sample.yml located in the apollo-portal/src/main/resources/ directory. This file allows you to customize various OIDC settings such as the provider name, issuer URI, client ID, client secret, and scopes. However, it does not provide an option to customize the username attribute.

If you need to customize the username attribute, you might need to modify the OidcLocalUserServiceImpl class to use a different attribute from the UserInfo object as the username. Please note that this would require a good understanding of the Apollo codebase and the implications of such a change.

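The customization the last reply points to (using a claim other than the subject id as the local username), sketched as a stand-alone Java example that is added here and is not Apollo code. The class, its method and the in-memory map standing in for the users table are hypothetical, and the claims are constructed; the mapper falls back to sub and refuses a readable name already bound to a different sub, because OIDC guarantees stability and uniqueness only for sub together with the issuer.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.regex.Pattern;

/** Added illustration; not Apollo code. All names here are hypothetical. */
public class OidcUsernameMapper {
  // Conservative character set for a local login name (assumption).
  private static final Pattern SAFE = Pattern.compile("[A-Za-z0-9._-]{1,64}");

  private final String usernameClaim; // e.g. "preferred_username"
  // Stands in for the users table: local username -> OIDC subject it is bound to.
  private final Map<String, String> subjectByUsername = new HashMap<>();

  public OidcUsernameMapper(String usernameClaim) {
    this.usernameClaim = usernameClaim;
  }

  /** Returns the local username for these claims, or throws if the mapping is unsafe. */
  public String resolve(Map<String, Object> claims) {
    String sub = (String) claims.get("sub");
    if (sub == null || sub.isBlank()) {
      throw new IllegalArgumentException("token has no sub claim");
    }
    Object raw = claims.get(usernameClaim);
    // Fall back to the stable subject id when the chosen claim is absent or empty.
    String username = (raw instanceof String && !((String) raw).isBlank()) ? (String) raw : sub;
    if (!SAFE.matcher(username).matches()) {
      throw new IllegalArgumentException("unsafe username: " + username);
    }
    // The same readable name arriving with a different sub means a rename or reuse at the IdP;
    // binding it to the existing local account would hand that account to another identity.
    String boundSub = subjectByUsername.putIfAbsent(username, sub);
    if (boundSub != null && !boundSub.equals(sub)) {
      throw new IllegalStateException("username " + username + " already bound to another subject");
    }
    return username;
  }

  public static void main(String[] args) {
    OidcUsernameMapper mapper = new OidcUsernameMapper("preferred_username");
    // Constructed sample claims, shaped like ID token claims.
    Map<String, Object> alice = Map.of("sub", "sub-0001", "preferred_username", "alice");
    Map<String, Object> noName = Map.of("sub", "sub-0002");
    Map<String, Object> reused = Map.of("sub", "sub-0003", "preferred_username", "alice");
    System.out.println(mapper.resolve(alice));
    System.out.println(mapper.resolve(noName));
    try {
      mapper.resolve(reused);
    } catch (IllegalStateException e) {
      System.out.println("rejected: " + e.getMessage());
    }
  }
}
```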

stale[bot] commented 6 months ago

This issue has been automatically marked as stale because it has not had activity in the last 30 days. It will be closed in 7 days unless it is tagged "help wanted" or other activity occurs. Thank you for your contributions.

stale[bot] commented 6 months ago

This issue has been automatically closed because it has not had activity in the last 7 days. If this issue is still valid, please ping a maintainer and ask them to label it as "help wanted". Thank you for your contributions.