use of net.jradius.packet.RadiusPacket in project cas by apereo.
the class JRadiusServerImpl method authenticate.
@Override
public RadiusResponse authenticate(final String username, final String password) throws Exception {
final AttributeList attributeList = new AttributeList();
attributeList.add(new Attr_UserName(username));
attributeList.add(new Attr_UserPassword(password));
if (StringUtils.isNotBlank(this.nasIpAddress)) {
attributeList.add(new Attr_NASIPAddress(this.nasIpAddress));
}
if (StringUtils.isNotBlank(this.nasIpv6Address)) {
attributeList.add(new Attr_NASIPv6Address(this.nasIpv6Address));
}
if (this.nasPort != -1) {
attributeList.add(new Attr_NASPort(this.nasPort));
}
if (this.nasPortId != -1) {
attributeList.add(new Attr_NASPortId(this.nasPortId));
}
if (StringUtils.isNotBlank(this.nasIdentifier)) {
attributeList.add(new Attr_NASIdentifier(this.nasIdentifier));
}
if (this.nasRealPort != -1) {
attributeList.add(new Attr_NASRealPort(this.nasRealPort));
}
if (this.nasPortType != -1) {
attributeList.add(new Attr_NASPortType(this.nasPortType));
}
RadiusClient client = null;
try {
client = this.radiusClientFactory.newInstance();
final AccessRequest request = new AccessRequest(client, attributeList);
final RadiusPacket response = client.authenticate(request, RadiusClient.getAuthProtocol(this.protocol.getName()), this.retries);
LOGGER.debug("RADIUS response from [{}]: [{}]", client.getRemoteInetAddress().getCanonicalHostName(), response.getClass().getName());
if (response instanceof AccessAccept) {
final List<RadiusAttribute> attributes = response.getAttributes().getAttributeList();
LOGGER.debug("Radius response code [{}] accepted with attributes [{}] and identifier [{}]", response.getCode(), attributes, response.getIdentifier());
return new RadiusResponse(response.getCode(), response.getIdentifier(), attributes);
}
LOGGER.debug("Response is not recognized");
} finally {
if (client != null) {
client.close();
}
}
return null;
}
use of net.jradius.packet.RadiusPacket in project opennms by OpenNMS.
the class RadiusAuthMonitor method poll.
/**
* {@inheritDoc}
*
* Radius Authentication Poller
*
* Note that the poller will return SERVICE_AVAILABLE only if the
* authentication Request actually succeeds. A failed authentication
* request will result in SERVICE_UNAVILABLE, although the radius
* server may actually be up.
* @see org.opennms.netmgt.poller.ServiceMonitor#SERVICE_AVAILABLE
* @see org.opennms.netmgt.poller.ServiceMonitor#SERVICE_UNAVAILABLE
* @see org.opennms.netmgt.poller.ServiceMonitor#SERVICE_UNRESPONSIVE
* @see org.opennms.netmgt.poller.ServiceMonitor#SERVICE_AVAILABLE
* @see org.opennms.netmgt.poller.ServiceMonitor#SERVICE_UNAVAILABLE
* @see org.opennms.netmgt.poller.ServiceMonitor#SERVICE_UNRESPONSIVE
* @see org.opennms.netmgt.poller.ServiceMonitor#SERVICE_AVAILABLE
* @see org.opennms.netmgt.poller.ServiceMonitor#SERVICE_UNAVAILABLE
* @see org.opennms.netmgt.poller.ServiceMonitor#SERVICE_UNRESPONSIVE
*/
@Override
public PollStatus poll(MonitoredService svc, Map<String, Object> parameters) {
// Assume that the service is down
PollStatus status = PollStatus.unavailable();
if (parameters == null) {
throw new NullPointerException();
}
final TimeoutTracker tracker = new TimeoutTracker(parameters, DEFAULT_RETRY, DEFAULT_TIMEOUT);
int authport = ParameterMap.getKeyedInteger(parameters, "authport", DEFAULT_AUTH_PORT);
int acctport = ParameterMap.getKeyedInteger(parameters, "acctport", DEFAULT_ACCT_PORT);
String user = ParameterMap.getKeyedString(parameters, "user", DEFAULT_USER);
String password = ParameterMap.getKeyedString(parameters, "password", DEFAULT_PASSWORD);
String secret = ParameterMap.getKeyedString(parameters, "secret", DEFAULT_SECRET);
String authType = ParameterMap.getKeyedString(parameters, "authtype", DEFAULT_AUTH_TYPE);
String nasid = ParameterMap.getKeyedString(parameters, "nasid", DEFAULT_NASID);
InetAddress addr = svc.getAddress();
AttributeFactory.loadAttributeDictionary("net.jradius.dictionary.AttributeDictionaryImpl");
int timeout = convertTimeoutToSeconds(ParameterMap.getKeyedInteger(parameters, "timeout", DEFAULT_TIMEOUT));
try {
final RadiusClient rc = new RadiusClient(addr, secret, authport, acctport, timeout);
for (tracker.reset(); tracker.shouldRetry(); tracker.nextAttempt()) {
final AttributeList attributes = new AttributeList();
attributes.add(new Attr_UserName(user));
attributes.add(new Attr_NASIdentifier(nasid));
attributes.add(new Attr_UserPassword(password));
final AccessRequest accessRequest = new AccessRequest(rc, attributes);
final RadiusAuthenticator auth;
if (authType.equalsIgnoreCase("chap")) {
auth = new CHAPAuthenticator();
} else if (authType.equalsIgnoreCase("pap")) {
auth = new PAPAuthenticator();
} else if (authType.equalsIgnoreCase("mschapv1")) {
auth = new MSCHAPv1Authenticator();
} else if (authType.equalsIgnoreCase("mschapv2")) {
auth = new MSCHAPv2Authenticator();
} else if (authType.equalsIgnoreCase("eapmd5") || authType.equalsIgnoreCase("eap-md5")) {
auth = new EAPMD5Authenticator();
} else if (authType.equalsIgnoreCase("eapmschapv2") || authType.equalsIgnoreCase("eap-mschapv2")) {
auth = new EAPMSCHAPv2Authenticator();
} else {
String reason = "Unknown authenticator type '" + authType + "'";
RadiusAuthMonitor.LOG.debug(reason);
return PollStatus.unavailable(reason);
}
tracker.startAttempt();
// The retry should be handled by the RadiusClient because otherwise it will thrown an exception.
RadiusPacket reply = rc.authenticate(accessRequest, auth, ParameterMap.getKeyedInteger(parameters, "retry", DEFAULT_RETRY));
if (reply instanceof AccessAccept) {
double responseTime = tracker.elapsedTimeInMillis();
status = PollStatus.available(responseTime);
LOG.debug("Radius service is AVAILABLE on: {}", addr.getCanonicalHostName());
LOG.debug("poll: responseTime= {}", responseTime);
break;
} else if (reply != null) {
LOG.debug("response returned, but request was not accepted: {}", reply);
}
String reason = "Invalid RADIUS reply: " + reply;
RadiusAuthMonitor.LOG.debug(reason);
status = PollStatus.unavailable(reason);
}
} catch (final Throwable e) {
String reason = "Error while attempting to connect to the RADIUS service on " + addr.getCanonicalHostName();
RadiusAuthMonitor.LOG.debug(reason, e);
status = PollStatus.unavailable(reason);
}
return status;
}
use of net.jradius.packet.RadiusPacket in project opennms by OpenNMS.
the class RadiusAuthenticationProvider method retrieveUser.
/* (non-Javadoc)
* @see org.springframework.security.providers.dao.AbstractUserDetailsAuthenticationProvider#retrieveUser(java.lang.String, org.springframework.security.providers.UsernamePasswordAuthenticationToken)
*/
/** {@inheritDoc} */
@Override
protected UserDetails retrieveUser(String username, UsernamePasswordAuthenticationToken token) throws AuthenticationException {
if (!StringUtils.hasLength(username)) {
LOG.info("Authentication attempted with empty username");
throw new BadCredentialsException(messages.getMessage("RadiusAuthenticationProvider.emptyUsername", "Username cannot be empty"));
}
String password = (String) token.getCredentials();
if (!StringUtils.hasLength(password)) {
LOG.info("Authentication attempted with empty password");
throw new BadCredentialsException(messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
}
InetAddress serverIP = null;
serverIP = InetAddressUtils.addr(server);
if (serverIP == null) {
LOG.error("Could not resolve radius server address {}", server);
throw new AuthenticationServiceException(messages.getMessage("RadiusAuthenticationProvider.unknownServer", "Could not resolve radius server address"));
}
AttributeFactory.loadAttributeDictionary("net.jradius.dictionary.AttributeDictionaryImpl");
AttributeList attributeList = new AttributeList();
attributeList.add(new Attr_UserName(username));
attributeList.add(new Attr_UserPassword(password));
RadiusPacket reply;
try {
RadiusClient radiusClient = new RadiusClient(serverIP, secret, port, port + 1, timeout);
AccessRequest request = new AccessRequest(radiusClient, attributeList);
LOG.debug("Sending AccessRequest message to {}:{} using {} protocol with timeout = {}, retries = {}, attributes:\n{}", InetAddressUtils.str(serverIP), port, (authTypeClass == null ? "PAP" : authTypeClass.getAuthName()), timeout, retries, attributeList.toString());
reply = radiusClient.authenticate(request, authTypeClass, retries);
} catch (RadiusException e) {
LOG.error("Error connecting to radius server {} : {}", server, e);
throw new AuthenticationServiceException(messages.getMessage("RadiusAuthenticationProvider.radiusError", new Object[] { e }, "Error connecting to radius server: " + e));
} catch (IOException e) {
LOG.error("Error connecting to radius server {} : {}", server, e);
throw new AuthenticationServiceException(messages.getMessage("RadiusAuthenticationProvider.radiusError", new Object[] { e }, "Error connecting to radius server: " + e));
}
if (reply == null) {
LOG.error("Timed out connecting to radius server {}", server);
throw new AuthenticationServiceException(messages.getMessage("RadiusAuthenticationProvider.radiusTimeout", "Timed out connecting to radius server"));
}
if (!(reply instanceof AccessAccept)) {
LOG.info("Received a reply other than AccessAccept from radius server {} for user {} :\n{}", server, username, reply.toString());
throw new BadCredentialsException(messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
}
LOG.debug("Received AccessAccept message from {}:{} for user {} with attributes:\n{}", InetAddressUtils.str(serverIP), port, username, reply.getAttributes().toString());
String roles = null;
if (!StringUtils.hasLength(rolesAttribute)) {
LOG.debug("rolesAttribute not set, using default roles ({}) for user {}", defaultRoles, username);
roles = new String(defaultRoles);
} else {
Iterator<RadiusAttribute> attributes = reply.getAttributes().getAttributeList().iterator();
while (attributes.hasNext()) {
RadiusAttribute attribute = attributes.next();
if (rolesAttribute.equals(attribute.getAttributeName())) {
roles = new String(attribute.getValue().getBytes());
break;
}
}
if (roles == null) {
LOG.info("Radius attribute {} not found, using default roles ({}) for user {}", rolesAttribute, defaultRoles, username);
roles = new String(defaultRoles);
}
}
String[] rolesArray = roles.replaceAll("\\s*", "").split(",");
Collection<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>(rolesArray.length);
for (String role : rolesArray) {
authorities.add(new SimpleGrantedAuthority(role));
}
StringBuffer readRoles = new StringBuffer();
for (GrantedAuthority authority : authorities) {
readRoles.append(authority.toString() + ", ");
}
if (readRoles.length() > 0) {
readRoles.delete(readRoles.length() - 2, readRoles.length());
}
LOG.debug("Parsed roles {} for user {}", readRoles, username);
return new User(username, password, true, true, true, true, authorities);
}
Aggregations