
Example 1 with RadiusException

use of net.jradius.exception.RadiusException in project opennms by OpenNMS.

the class RadiusAuthenticationProvider method retrieveUser.

/* (non-Javadoc)
     * @see org.springframework.security.providers.dao.AbstractUserDetailsAuthenticationProvider#retrieveUser(java.lang.String, org.springframework.security.providers.UsernamePasswordAuthenticationToken)
     */
/**
 * {@inheritDoc}
 */
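@Override
protected UserDetails retrieveUser(String username, UsernamePasswordAuthenticationToken token) throws AuthenticationException {
    // Authenticates the supplied username/password against the configured RADIUS server and,
    // on an AccessAccept reply, builds a Spring Security User whose authorities come from the
    // reply attribute named by rolesAttribute (or from defaultRoles when that is unset or absent).
    //
    // Throws BadCredentialsException for an empty username or password and for any reply other
    // than AccessAccept; throws AuthenticationServiceException when the server address cannot be
    // resolved, the exchange fails, or no reply arrives.
    if (!StringUtils.hasLength(username)) {
        LOG.info("Authentication attempted with empty username");
        throw new BadCredentialsException(messages.getMessage("RadiusAuthenticationProvider.emptyUsername", "Username cannot be empty"));
    }
    String password = (String) token.getCredentials();
    if (!StringUtils.hasLength(password)) {
        LOG.info("Authentication attempted with empty password");
        // Same generic message as a rejected login, so the response does not reveal which check failed.
        throw new BadCredentialsException(messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
    }
    InetAddress serverIP = InetAddressUtils.addr(server);
    if (serverIP == null) {
        LOG.error("Could not resolve radius server address {}", server);
        throw new AuthenticationServiceException(messages.getMessage("RadiusAuthenticationProvider.unknownServer", "Could not resolve radius server address"));
    }
    AttributeFactory.loadAttributeDictionary("net.jradius.dictionary.AttributeDictionaryImpl");
    AttributeList attributeList = new AttributeList();
    attributeList.add(new Attr_UserName(username));
    attributeList.add(new Attr_UserPassword(password));
    RadiusPacket reply;
    try {
        // The accounting port is taken to be the authentication port + 1.
        RadiusClient radiusClient = new RadiusClient(serverIP, secret, port, port + 1, timeout);
        AccessRequest request = new AccessRequest(radiusClient, attributeList);
        // NOTE(review): attributeList holds the User-Password attribute. Confirm that its
        // toString() rendering masks the value before debug logging is enabled in production;
        // otherwise this statement writes the cleartext password to the log.
        LOG.debug("Sending AccessRequest message to {}:{} using {} protocol with timeout = {}, retries = {}, attributes:\n{}", InetAddressUtils.str(serverIP), port, (authTypeClass == null ? "PAP" : authTypeClass.getAuthName()), timeout, retries, attributeList.toString());
        reply = radiusClient.authenticate(request, authTypeClass, retries);
    } catch (RadiusException e) {
        LOG.error("Error connecting to radius server {} : {}", server, e);
        // NOTE(review): the message embeds the exception text; check that it is not rendered
        // to the unauthenticated client. The cause is attached so the stack trace is not lost.
        throw new AuthenticationServiceException(messages.getMessage("RadiusAuthenticationProvider.radiusError", new Object[] { e }, "Error connecting to radius server: " + e), e);
    } catch (IOException e) {
        LOG.error("Error connecting to radius server {} : {}", server, e);
        throw new AuthenticationServiceException(messages.getMessage("RadiusAuthenticationProvider.radiusError", new Object[] { e }, "Error connecting to radius server: " + e), e);
    } catch (NoSuchAlgorithmException e) {
        // authTypeClass may be null (the PAP default handled above), so it must not be
        // dereferenced unguarded here: a NullPointerException would replace the real error.
        String authenticatorName = (authTypeClass == null ? "PAP" : authTypeClass.getClass().getName());
        LOG.error("Error no such algorithm {} : {}", authenticatorName, e);
        throw new AuthenticationServiceException(messages.getMessage("RadiusAuthenticationProvider.radiusError", new Object[] { e }, "Error connecting to radius server: " + e), e);
    }
    if (reply == null) {
        LOG.error("Timed out connecting to radius server {}", server);
        throw new AuthenticationServiceException(messages.getMessage("RadiusAuthenticationProvider.radiusTimeout", "Timed out connecting to radius server"));
    }
    if (!(reply instanceof AccessAccept)) {
        // NOTE(review): username is caller-supplied and is logged as-is; confirm the log
        // layout neutralises line breaks so entries cannot be forged.
        LOG.info("Received a reply other than AccessAccept from radius server {} for user {} :\n{}", server, username, reply.toString());
        throw new BadCredentialsException(messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
    }
    LOG.debug("Received AccessAccept message from {}:{} for user {} with attributes:\n{}", InetAddressUtils.str(serverIP), port, username, reply.getAttributes().toString());
    // Authorities are taken verbatim from the RADIUS reply (or from defaultRoles), so the
    // RADIUS server is trusted for authorization as well as authentication.
    String roles = null;
    if (!StringUtils.hasLength(rolesAttribute)) {
        LOG.debug("rolesAttribute not set, using default roles ({}) for user {}", defaultRoles, username);
        roles = new String(defaultRoles);
    } else {
        Iterator<RadiusAttribute> attributes = reply.getAttributes().getAttributeList().iterator();
        while (attributes.hasNext()) {
            RadiusAttribute attribute = attributes.next();
            if (rolesAttribute.equals(attribute.getAttributeName())) {
                // First matching attribute wins. The bytes are decoded with the platform
                // default charset.
                roles = new String(attribute.getValue().getBytes());
                break;
            }
        }
        if (roles == null) {
            LOG.info("Radius attribute {} not found, using default roles ({}) for user {}", rolesAttribute, defaultRoles, username);
            roles = new String(defaultRoles);
        }
    }
    // Strip all whitespace, then split on commas.
    // NOTE(review): an empty token (empty attribute value, leading or doubled comma) is passed
    // to SimpleGrantedAuthority unchanged; verify how it handles empty role text and whether a
    // malformed reply should be rejected as an authentication failure instead.
    String[] rolesArray = roles.replaceAll("\\s*", "").split(",");
    Collection<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>(rolesArray.length);
    for (String role : rolesArray) {
        authorities.add(new SimpleGrantedAuthority(role));
    }
    // Build a comma-separated rendering of the parsed roles for the debug log only.
    final StringBuilder readRoles = new StringBuilder();
    for (GrantedAuthority authority : authorities) {
        readRoles.append(authority.toString()).append(", ");
    }
    if (readRoles.length() > 0) {
        // Drop the trailing ", ".
        readRoles.delete(readRoles.length() - 2, readRoles.length());
    }
    LOG.debug("Parsed roles {} for user {}", readRoles, username);
    // NOTE(review): the returned UserDetails carries the cleartext password; confirm the
    // authentication manager erases credentials once authentication completes.
    return new User(username, password, true, true, true, true, authorities);
}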
Also used : RadiusClient(net.jradius.client.RadiusClient) User(org.springframework.security.core.userdetails.User) AccessRequest(net.jradius.packet.AccessRequest) AttributeList(net.jradius.packet.attribute.AttributeList) SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) GrantedAuthority(org.springframework.security.core.GrantedAuthority) ArrayList(java.util.ArrayList) IOException(java.io.IOException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) BadCredentialsException(org.springframework.security.authentication.BadCredentialsException) Attr_UserPassword(net.jradius.dictionary.Attr_UserPassword) AuthenticationServiceException(org.springframework.security.authentication.AuthenticationServiceException) RadiusAttribute(net.jradius.packet.attribute.RadiusAttribute) SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) RadiusPacket(net.jradius.packet.RadiusPacket) Attr_UserName(net.jradius.dictionary.Attr_UserName) InetAddress(java.net.InetAddress) RadiusException(net.jradius.exception.RadiusException) AccessAccept(net.jradius.packet.AccessAccept)
