
Example 1 with RadiusAttribute

use of net.jradius.packet.attribute.RadiusAttribute in project cas by apereo.

the class JRadiusServerImpl method authenticate.

/**
 * Sends a RADIUS Access-Request for the given credentials and returns the
 * server's answer when it is an Access-Accept.
 *
 * <p>The request always carries User-Name and User-Password; each NAS-related
 * attribute is added only when the corresponding field is configured (non-blank
 * for strings, anything other than {@code -1} for numbers). The client obtained
 * from {@code radiusClientFactory} is closed before this method returns or throws.
 *
 * @param username the user name placed in the User-Name attribute
 * @param password the password placed in the User-Password attribute
 * @return a {@link RadiusResponse} built from the reply code, identifier and
 *         attributes when the reply is an {@code AccessAccept}; {@code null}
 *         for any other reply type
 * @throws Exception whatever the client factory or the RADIUS client throws
 */
@Override
public RadiusResponse authenticate(final String username, final String password) throws Exception {
    // Attributes are added in a fixed order: credentials first, then the optional NAS fields.
    // NOTE(review): how User-Password is protected on the wire depends on the protocol
    // selected through this.protocol - confirm the configured protocol is acceptable.
    final AttributeList requestAttributes = new AttributeList();
    requestAttributes.add(new Attr_UserName(username));
    requestAttributes.add(new Attr_UserPassword(password));

    if (StringUtils.isNotBlank(this.nasIpAddress)) {
        requestAttributes.add(new Attr_NASIPAddress(this.nasIpAddress));
    }
    if (StringUtils.isNotBlank(this.nasIpv6Address)) {
        requestAttributes.add(new Attr_NASIPv6Address(this.nasIpv6Address));
    }
    // -1 is the "not configured" marker for the numeric NAS fields.
    if (this.nasPort != -1) {
        requestAttributes.add(new Attr_NASPort(this.nasPort));
    }
    if (this.nasPortId != -1) {
        requestAttributes.add(new Attr_NASPortId(this.nasPortId));
    }
    if (StringUtils.isNotBlank(this.nasIdentifier)) {
        requestAttributes.add(new Attr_NASIdentifier(this.nasIdentifier));
    }
    if (this.nasRealPort != -1) {
        requestAttributes.add(new Attr_NASRealPort(this.nasRealPort));
    }
    if (this.nasPortType != -1) {
        requestAttributes.add(new Attr_NASPortType(this.nasPortType));
    }

    RadiusClient client = null;
    try {
        client = this.radiusClientFactory.newInstance();
        final AccessRequest accessRequest = new AccessRequest(client, requestAttributes);
        final RadiusPacket reply = client.authenticate(
                accessRequest,
                RadiusClient.getAuthProtocol(this.protocol.getName()),
                this.retries);

        // NOTE(review): the arguments are evaluated even when debug logging is off.
        // If getRemoteInetAddress() returns a java.net.InetAddress, getCanonicalHostName()
        // may perform a reverse lookup on every call; and if the client can hand back a
        // null reply (e.g. on timeout - confirm against the library), reply.getClass()
        // throws here instead of the method returning null.
        LOGGER.debug("RADIUS response from [{}]: [{}]", client.getRemoteInetAddress().getCanonicalHostName(), reply.getClass().getName());

        // Anything that is not an Access-Accept is treated as "not authenticated".
        if (!(reply instanceof AccessAccept)) {
            LOGGER.debug("Response is not recognized");
            return null;
        }

        final List<RadiusAttribute> replyAttributes = reply.getAttributes().getAttributeList();
        // NOTE(review): every reply attribute is written to the debug log - check that
        // none of the attributes your server returns are sensitive.
        LOGGER.debug("Radius response code [{}] accepted with attributes [{}] and identifier [{}]", reply.getCode(), replyAttributes, reply.getIdentifier());
        return new RadiusResponse(reply.getCode(), reply.getIdentifier(), replyAttributes);
    } finally {
        // Release the client on every path, including exceptions.
        if (client != null) {
            client.close();
        }
    }
}
Also used : Attr_NASRealPort(net.jradius.dictionary.vsa_redback.Attr_NASRealPort) RadiusClient(net.jradius.client.RadiusClient) AccessRequest(net.jradius.packet.AccessRequest) AttributeList(net.jradius.packet.attribute.AttributeList) Attr_NASPort(net.jradius.dictionary.Attr_NASPort) Attr_NASIPAddress(net.jradius.dictionary.Attr_NASIPAddress) Attr_NASPortId(net.jradius.dictionary.Attr_NASPortId) Attr_UserPassword(net.jradius.dictionary.Attr_UserPassword) Attr_NASPortType(net.jradius.dictionary.Attr_NASPortType) RadiusAttribute(net.jradius.packet.attribute.RadiusAttribute) RadiusPacket(net.jradius.packet.RadiusPacket) Attr_UserName(net.jradius.dictionary.Attr_UserName) Attr_NASIPv6Address(net.jradius.dictionary.Attr_NASIPv6Address) Attr_NASIdentifier(net.jradius.dictionary.Attr_NASIdentifier) AccessAccept(net.jradius.packet.AccessAccept)

Example 2 with RadiusAttribute

use of net.jradius.packet.attribute.RadiusAttribute in project opennms by OpenNMS.

the class RadiusAuthenticationProvider method retrieveUser.

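/**
 * {@inheritDoc}
 *
 * <p>Validates that a username and password were supplied, sends them to the
 * configured RADIUS server in an Access-Request and, when the reply is an
 * {@code AccessAccept}, builds the user's authorities. Roles come from the reply
 * attribute named by {@code rolesAttribute} (a comma-separated list); when that
 * field is unset or the attribute is absent from the reply, {@code defaultRoles}
 * is used instead.
 *
 * @param username the name presented by the caller; must be non-empty
 * @param token    the authentication request; its credentials are read as the password
 * @return a fully enabled {@link User} carrying the parsed authorities
 * @throws AuthenticationException {@code BadCredentialsException} for an empty
 *         username or password or a reply other than Access-Accept;
 *         {@code AuthenticationServiceException} when the server address cannot be
 *         resolved, the exchange fails, or no reply is received
 */
@Override
protected UserDetails retrieveUser(String username, UsernamePasswordAuthenticationToken token) throws AuthenticationException {
    if (!StringUtils.hasLength(username)) {
        LOG.info("Authentication attempted with empty username");
        throw new BadCredentialsException(messages.getMessage("RadiusAuthenticationProvider.emptyUsername", "Username cannot be empty"));
    }
    String password = (String) token.getCredentials();
    if (!StringUtils.hasLength(password)) {
        LOG.info("Authentication attempted with empty password");
        throw new BadCredentialsException(messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
    }

    InetAddress serverIP = InetAddressUtils.addr(server);
    if (serverIP == null) {
        LOG.error("Could not resolve radius server address {}", server);
        throw new AuthenticationServiceException(messages.getMessage("RadiusAuthenticationProvider.unknownServer", "Could not resolve radius server address"));
    }

    AttributeFactory.loadAttributeDictionary("net.jradius.dictionary.AttributeDictionaryImpl");
    AttributeList attributeList = new AttributeList();
    attributeList.add(new Attr_UserName(username));
    attributeList.add(new Attr_UserPassword(password));

    RadiusPacket reply;
    try {
        // The second port argument is port + 1, as in the original call.
        RadiusClient radiusClient = new RadiusClient(serverIP, secret, port, port + 1, timeout);
        AccessRequest request = new AccessRequest(radiusClient, attributeList);
        // NOTE(review): attributeList contains the User-Password attribute - verify that
        // the library's string form masks its value before enabling debug logging.
        LOG.debug("Sending AccessRequest message to {}:{} using {} protocol with timeout = {}, retries = {}, attributes:\n{}", InetAddressUtils.str(serverIP), port, (authTypeClass == null ? "PAP" : authTypeClass.getAuthName()), timeout, retries, attributeList.toString());
        reply = radiusClient.authenticate(request, authTypeClass, retries);
    } catch (RadiusException e) {
        // NOTE(review): the exception's string form becomes part of the authentication
        // error message - confirm that message is not shown to unauthenticated users.
        LOG.error("Error connecting to radius server {} : {}", server, e);
        throw new AuthenticationServiceException(messages.getMessage("RadiusAuthenticationProvider.radiusError", new Object[] { e }, "Error connecting to radius server: " + e));
    } catch (IOException e) {
        LOG.error("Error connecting to radius server {} : {}", server, e);
        throw new AuthenticationServiceException(messages.getMessage("RadiusAuthenticationProvider.radiusError", new Object[] { e }, "Error connecting to radius server: " + e));
    }

    // A null reply is reported as a timeout.
    if (reply == null) {
        LOG.error("Timed out connecting to radius server {}", server);
        throw new AuthenticationServiceException(messages.getMessage("RadiusAuthenticationProvider.radiusTimeout", "Timed out connecting to radius server"));
    }
    if (!(reply instanceof AccessAccept)) {
        // NOTE(review): username is caller-supplied and logged verbatim - make sure the
        // log layout neutralises line breaks so entries cannot be forged.
        LOG.info("Received a reply other than AccessAccept from radius server {} for user {} :\n{}", server, username, reply.toString());
        throw new BadCredentialsException(messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
    }
    LOG.debug("Received AccessAccept message from {}:{} for user {} with attributes:\n{}", InetAddressUtils.str(serverIP), port, username, reply.getAttributes().toString());

    String roles = null;
    if (!StringUtils.hasLength(rolesAttribute)) {
        LOG.debug("rolesAttribute not set, using default roles ({}) for user {}", defaultRoles, username);
        roles = new String(defaultRoles);
    } else {
        // The first reply attribute whose name matches rolesAttribute wins.
        for (RadiusAttribute attribute : reply.getAttributes().getAttributeList()) {
            if (rolesAttribute.equals(attribute.getAttributeName())) {
                // RADIUS text attributes are UTF-8 (RFC 2865); decode explicitly instead of
                // relying on the platform default charset, which varies between hosts.
                roles = new String(attribute.getValue().getBytes(), java.nio.charset.Charset.forName("UTF-8"));
                break;
            }
        }
        if (roles == null) {
            LOG.info("Radius attribute {} not found, using default roles ({}) for user {}", rolesAttribute, defaultRoles, username);
            roles = new String(defaultRoles);
        }
    }

    // Strip all whitespace, then split the comma-separated role list.
    // NOTE(review): an empty value or an empty entry ("a,,b") yields an empty role name;
    // confirm how SimpleGrantedAuthority treats it and whether that case should be
    // rejected as an authentication failure.
    String[] rolesArray = roles.replaceAll("\\s*", "").split(",");
    Collection<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>(rolesArray.length);
    for (String role : rolesArray) {
        authorities.add(new SimpleGrantedAuthority(role));
    }

    // Build "a, b, c" for the debug line; the builder is method-local, so the
    // synchronised StringBuffer is not needed.
    StringBuilder readRoles = new StringBuilder();
    for (GrantedAuthority authority : authorities) {
        if (readRoles.length() > 0) {
            readRoles.append(", ");
        }
        readRoles.append(authority.toString());
    }
    LOG.debug("Parsed roles {} for user {}", readRoles, username);

    // NOTE(review): the cleartext password is stored in the returned UserDetails -
    // confirm the framework erases credentials after authentication.
    return new User(username, password, true, true, true, true, authorities);
}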
Also used : RadiusClient(net.jradius.client.RadiusClient) User(org.springframework.security.core.userdetails.User) AccessRequest(net.jradius.packet.AccessRequest) AttributeList(net.jradius.packet.attribute.AttributeList) SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) GrantedAuthority(org.springframework.security.core.GrantedAuthority) ArrayList(java.util.ArrayList) IOException(java.io.IOException) BadCredentialsException(org.springframework.security.authentication.BadCredentialsException) Attr_UserPassword(net.jradius.dictionary.Attr_UserPassword) AuthenticationServiceException(org.springframework.security.authentication.AuthenticationServiceException) RadiusAttribute(net.jradius.packet.attribute.RadiusAttribute) SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) RadiusPacket(net.jradius.packet.RadiusPacket) Attr_UserName(net.jradius.dictionary.Attr_UserName) InetAddress(java.net.InetAddress) RadiusException(net.jradius.exception.RadiusException) AccessAccept(net.jradius.packet.AccessAccept)

Aggregations

RadiusClient (net.jradius.client.RadiusClient)2 Attr_UserName (net.jradius.dictionary.Attr_UserName)2 Attr_UserPassword (net.jradius.dictionary.Attr_UserPassword)2 AccessAccept (net.jradius.packet.AccessAccept)2 AccessRequest (net.jradius.packet.AccessRequest)2 RadiusPacket (net.jradius.packet.RadiusPacket)2 AttributeList (net.jradius.packet.attribute.AttributeList)2 RadiusAttribute (net.jradius.packet.attribute.RadiusAttribute)2 IOException (java.io.IOException)1 InetAddress (java.net.InetAddress)1 ArrayList (java.util.ArrayList)1 Attr_NASIPAddress (net.jradius.dictionary.Attr_NASIPAddress)1 Attr_NASIPv6Address (net.jradius.dictionary.Attr_NASIPv6Address)1 Attr_NASIdentifier (net.jradius.dictionary.Attr_NASIdentifier)1 Attr_NASPort (net.jradius.dictionary.Attr_NASPort)1 Attr_NASPortId (net.jradius.dictionary.Attr_NASPortId)1 Attr_NASPortType (net.jradius.dictionary.Attr_NASPortType)1 Attr_NASRealPort (net.jradius.dictionary.vsa_redback.Attr_NASRealPort)1 RadiusException (net.jradius.exception.RadiusException)1 AuthenticationServiceException (org.springframework.security.authentication.AuthenticationServiceException)1