use of com.sun.identity.authentication.modules.radius.client.RejectException in project OpenAM by OpenRock.
the class RADIUS method process.
/**
* Takes an array of submitted <code>Callback</code>, process them and decide the order of next state to go. Return
* STATE_SUCCEED if the login is successful, return STATE_FAILED if the LoginModule should be ignored.
*
* @param callbacks
* an array of <code>Callback</code> for this Login state
* @param state
* order of state. State order starts with 1.
* @return int order of next state. Return STATE_SUCCEED if authentication is successful, return STATE_FAILED if the
* LoginModule should be ignored.
* @throws AuthLoginException if the user fails authentication or some anomalous condition occurs
*/
@Override
public int process(Callback[] callbacks, int state) throws AuthLoginException {
String tmpPasswd = null;
String sState;
switch(state) {
case ISAuthConstants.LOGIN_START:
try {
radiusConn = new RadiusConn(primaryServers, secondaryServers, sharedSecret, iTimeOut, healthCheckInterval);
} catch (SocketException se) {
debug.error("RADIUS login failure; Socket Exception se == ", se);
shutdown();
throw new AuthLoginException(AM_AUTH_RADIUS, "RadiusNoServer", null);
} catch (Exception e) {
debug.error("RADIUS login failure; Can't connect to RADIUS server", e);
shutdown();
throw new AuthLoginException(AM_AUTH_RADIUS, "RadiusNoServer", null);
}
if (callbacks != null && callbacks.length == 0) {
username = (String) sharedState.get(getUserKey());
tmpPasswd = (String) sharedState.get(getPwdKey());
if (username == null || tmpPasswd == null) {
return ISAuthConstants.LOGIN_START;
}
getCredentialsFromSharedState = true;
} else {
username = ((NameCallback) callbacks[0]).getName();
tmpPasswd = charToString(((PasswordCallback) callbacks[1]).getPassword(), callbacks[1]);
if (debug.messageEnabled()) {
debug.message("username: " + username);
}
}
storeUsernamePasswd(username, tmpPasswd);
try {
succeeded = false;
radiusConn.authenticate(username, tmpPasswd);
} catch (RejectException re) {
if (getCredentialsFromSharedState && !isUseFirstPassEnabled()) {
getCredentialsFromSharedState = false;
return ISAuthConstants.LOGIN_START;
}
if (debug.messageEnabled()) {
debug.message("Radius login request rejected", re);
}
shutdown();
setFailureID(username);
throw new InvalidPasswordException(AM_AUTH_RADIUS, "RadiusLoginFailed", null, username, re);
} catch (IOException ioe) {
if (getCredentialsFromSharedState && !isUseFirstPassEnabled()) {
getCredentialsFromSharedState = false;
return ISAuthConstants.LOGIN_START;
}
debug.error("Radius request IOException", ioe);
shutdown();
setFailureID(username);
throw new AuthLoginException(AM_AUTH_RADIUS, "RadiusLoginFailed", null);
} catch (java.security.NoSuchAlgorithmException ne) {
if (getCredentialsFromSharedState && !isUseFirstPassEnabled()) {
getCredentialsFromSharedState = false;
return ISAuthConstants.LOGIN_START;
}
debug.error("Radius No Such Algorithm Exception", ne);
shutdown();
setFailureID(username);
throw new AuthLoginException(AM_AUTH_RADIUS, "RadiusLoginFailed", null);
} catch (ChallengeException ce) {
if (getCredentialsFromSharedState && !isUseFirstPassEnabled()) {
getCredentialsFromSharedState = false;
return ISAuthConstants.LOGIN_START;
}
cException = ce;
sState = ce.getState();
if (sState == null) {
debug.error("Radius failure - no state returned in challenge");
shutdown();
setFailureID(username);
throw new AuthLoginException(AM_AUTH_RADIUS, "RadiusAuth", null);
}
challengeID = ce.getReplyMessage();
if (debug.messageEnabled()) {
debug.message("Server challenge with " + "challengeID: " + challengeID);
}
setDynamicText(2);
return ISAuthConstants.LOGIN_CHALLENGE;
} catch (Exception e) {
if (getCredentialsFromSharedState && !isUseFirstPassEnabled()) {
getCredentialsFromSharedState = false;
return ISAuthConstants.LOGIN_START;
}
shutdown();
setFailureID(username);
throw new AuthLoginException(AM_AUTH_RADIUS, "RadiusLoginFailed", null, e);
}
succeeded = true;
break;
case ISAuthConstants.LOGIN_CHALLENGE:
String passwd = getChallengePassword(callbacks);
if (debug.messageEnabled()) {
debug.message("reply to challenge--username: " + username);
}
try {
succeeded = false;
radiusConn.replyChallenge(username, passwd, cException);
} catch (ChallengeException ce) {
sState = ce.getState();
if (sState == null) {
debug.error("handle Challenge failure - no state returned");
shutdown();
setFailureID(username);
throw new AuthLoginException(AM_AUTH_RADIUS, "RadiusLoginFailed", null);
}
resetCallback(2, 0);
challengeID = ce.getReplyMessage();
if (debug.messageEnabled()) {
debug.message("Server challenge again with challengeID: " + challengeID);
}
// save it for next replyChallenge
cException = ce;
setDynamicText(2);
return ISAuthConstants.LOGIN_CHALLENGE;
} catch (RejectException ex) {
debug.error("Radius challenge response rejected", ex);
shutdown();
setFailureID(username);
throw new InvalidPasswordException(AM_AUTH_RADIUS, "RadiusLoginFailed", null, username, ex);
} catch (IOException ioe) {
debug.error("Radius challenge IOException", ioe);
shutdown();
setFailureID(username);
throw new AuthLoginException(AM_AUTH_RADIUS, "RadiusLoginFailed", null);
} catch (java.security.NoSuchAlgorithmException ex) {
debug.error("Radius No Such Algorithm Exception", ex);
shutdown();
setFailureID(username);
throw new AuthLoginException(AM_AUTH_RADIUS, "RadiusLoginFailed", null);
} catch (Exception e) {
debug.error("RADIUS challenge Authentication Failed ", e);
shutdown();
setFailureID(username);
throw new AuthLoginException(AM_AUTH_RADIUS, "RadiusLoginFailed", null);
}
succeeded = true;
break;
default:
debug.error("RADIUS Authentication Failed - invalid state" + state);
shutdown();
succeeded = false;
setFailureID(username);
throw new AuthLoginException(AM_AUTH_RADIUS, "RadiusLoginFailed", null);
}
if (succeeded) {
if (debug.messageEnabled()) {
debug.message("RADIUS authentication successful");
}
if (username != null) {
StringTokenizer usernameToken = new StringTokenizer(username, ",");
userTokenId = usernameToken.nextToken();
}
if (debug.messageEnabled()) {
debug.message("userTokenID: " + userTokenId);
}
shutdown();
return ISAuthConstants.LOGIN_SUCCEED;
} else {
if (debug.messageEnabled()) {
debug.message("RADIUS authentication to be ignored");
}
return ISAuthConstants.LOGIN_IGNORE;
}
}
Aggregations