use of org.forgerock.openam.radius.common.AccessReject in project OpenAM by OpenRock.
the class RadiusConn method sendPacket.
/**
* Finds an available server and then sends a packet to that server.
*
* @param packet the packet.
* @throws IOException if sending or receiving fails for a reason other than a connect failure or a socket timeout.
* @throws RejectException if the server answers with an AccessReject.
* @throws ChallengeException if the server answers with an AccessChallenge.
*/
private void sendPacket(Packet packet) throws IOException, RejectException, ChallengeException {
    // Keep asking for an online server until one of them yields a packet, or until an
    // exception that is not a fail-over condition escapes.
    // NOTE(review): a reply that is neither AccessReject nor AccessChallenge ends the loop and the
    // method returns normally. Confirm that receive() can only hand back an AccessAccept in that
    // case; otherwise an unexpected packet type is presumably read as success by the caller.
    Packet reply = null;
    while (reply == null) {
        final RADIUSServer target = getOnlineServer();
        if (debug.messageEnabled()) {
            debug.message("Using " + target + " for contact RADIUS");
        }
        try {
            send(packet, target);
            reply = receive();
            if (reply instanceof AccessReject) {
                throw new RejectException((AccessReject) reply);
            }
            if (reply instanceof AccessChallenge) {
                throw new ChallengeException((AccessChallenge) reply);
            }
        } catch (IOException ioe) {
            // Only connect failures and socket timeouts trigger fail-over; everything else is
            // passed straight to the caller.
            final boolean serverUnreachable =
                    ioe instanceof ConnectException || ioe instanceof SocketTimeoutException;
            if (!serverUnreachable) {
                throw ioe;
            }
            if (debug.messageEnabled()) {
                debug.message("Moving server to offline state - " + target);
            }
            // Flag the server as offline in the shared status map.
            synchronized (SERVER_STATUS) {
                SERVER_STATUS.put(target, Boolean.FALSE);
            }
            // Create and schedule a monitor when none exists or when the current one reports -1
            // from scheduledExecutionTime() (presumably "not scheduled" - confirm).
            synchronized (SERVER_MONITOR_LOCK) {
                if (serverMonitor == null || serverMonitor.scheduledExecutionTime() == -1) {
                    serverMonitor = new RADIUSMonitor();
                    // Start time is "now" truncated to a whole second.
                    final long wholeSecond = ((System.currentTimeMillis()) / 1000) * 1000;
                    SystemTimer.getTimer().schedule(serverMonitor, new Date(wholeSecond));
                }
            }
            // reply is still null here, so the loop moves on to the next online server.
        }
    }
}
use of org.forgerock.openam.radius.common.AccessReject in project OpenAM by OpenRock.
the class ConsoleClient method run.
/**
* Calls the server in a thread.
*/
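@Override
public void run() {
    // The channel is a managed resource so it is closed on every exit path, including when an
    // exception ends the dialogue early; the original never closed it.
    try (DatagramChannel chan = DatagramChannel.open()) {
        // request id, incremented for every AccessRequest sent in this conversation
        short reqId = 1;
        final SecureRandom random = new SecureRandom();
        final InetSocketAddress serverAddr = new InetSocketAddress(this.host, this.port);
        final NASIPAddressAttribute nasAddr = new NASIPAddressAttribute(InetAddress.getLocalHost());
        final NASPortAttribute nasPort = new NASPortAttribute(chan.socket().getLocalPort());
        // State attribute from the latest AccessChallenge; echoed back in the next request.
        StateAttribute state = null;
        final String username = getUserInputFor("Username", null);
        // Holds the password first and, after a challenge, the user's answer to it.
        String passwordOrAnswer = getUserInputFor("Password", null);
        System.out.println();
        boolean finished = false;
        // ready for writing
        final ByteBuffer bufIn = ByteBuffer.allocate(4096);
        while (!finished) {
            // A fresh request authenticator is generated for every request.
            final RequestAuthenticator reqAuthR = new RequestAuthenticator(random, this.secret);
            final AccessRequest req = new AccessRequest(reqId++, reqAuthR);
            req.addAttribute(new UserNameAttribute(username));
            req.addAttribute(new UserPasswordAttribute(req.getAuthenticator(), this.secret, passwordOrAnswer));
            req.addAttribute(nasAddr);
            req.addAttribute(nasPort);
            if (state != null) {
                req.addAttribute(state);
            }
            final ByteBuffer reqBuf = ByteBuffer.wrap(req.getOctets());
            if (logTraffic) {
                // NOTE(review): this prints the whole request, User-Password attribute included
                // (presumably in its protected form - confirm before sharing console output).
                System.out.println("Packet To " + host + ":" + port);
                System.out.println(RadiusRequestContext.getPacketRepresentation(req));
            }
            chan.send(reqBuf, serverAddr);
            // now handle responses possibly sending additional requests
            // NOTE(review): the sender address returned by receive() is discarded and no
            // response-authenticator check is visible in this method, so a datagram from any host
            // that reaches this port is parsed as the server's reply. Tolerable for an interactive
            // test console; confirm what PacketFactory.toPacket() validates before reusing this
            // pattern in a real client.
            chan.receive(bufIn);
            // prepare buffer for reading out
            bufIn.flip();
            final Packet res = PacketFactory.toPacket(bufIn);
            // prepare buffer for next response
            bufIn.clear();
            if (logTraffic) {
                System.out.println("Packet From " + host + ":" + port);
                System.out.println(RadiusRequestContext.getPacketRepresentation(res));
            }
            if (res instanceof AccessReject) {
                System.out.println("---> Sorry. Not Authenticated.");
                System.out.println();
                finished = true;
            } else if (res instanceof AccessAccept) {
                System.out.println("---> SUCCESS! You've Authenticated!");
                System.out.println();
                finished = true;
            } else if (res instanceof AccessChallenge) {
                // Keep the server's State and prompt with its Reply-Message, when present.
                state = (StateAttribute) getAttribute(StateAttribute.class, res);
                final ReplyMessageAttribute msg =
                        (ReplyMessageAttribute) getAttribute(ReplyMessageAttribute.class, res);
                String message = null;
                if (msg != null) {
                    message = msg.getMessage();
                }
                passwordOrAnswer = getUserInputFor("Answer", message);
                System.out.println();
            }
            // Any other packet type changes nothing and the same request is sent again.
        }
    } catch (final Exception e) {
        e.printStackTrace();
    }
}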
use of org.forgerock.openam.radius.common.AccessReject in project OpenAM by OpenRock.
the class OpenAMAuthHandler method rejectAccessAndTerminateProcess.
/**
* Sends a RADIUS AccessReject response and cleans up the cache and the authentication context, if it is not null,
* by calling its logout method.
*
* @param response
* the response for the request
* @param holder
* - the context holder for this radius server
*/
private void rejectAccessAndTerminateProcess(RadiusResponse response, ContextHolder holder) {
    // Fill in the reject before cleanup starts, so the response already carries an explicit
    // AccessReject when terminateAuthnProcess runs.
    final AccessReject rejection = new AccessReject();
    response.setResponsePacket(rejection);

    // The universal id is read from the holder before terminateAuthnProcess(holder) is called.
    // NOTE(review): presumably because termination clears holder state - confirm.
    response.setUniversalId(holder.getUniversalId());

    terminateAuthnProcess(holder);
}
use of org.forgerock.openam.radius.common.AccessReject in project OpenAM by OpenRock.
the class RadiusRequestContext method send.
/**
* Takes the passed-in packet, injects the ID of the request and a response authenticator and sends it to the source
* of the request.
*
* @param response The packet to be sent to the client.
* @throws RadiusProcessingException - if the request can not be sent due to network issues etc.
*/
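public void send(Packet response) throws RadiusProcessingException {
    // Only the first call for a request sends anything; later calls are logged and ignored.
    if (sendWasCalled) {
        LOG.warning("Handler class '" + clientConfig.getAccessRequestHandlerClass().getSimpleName() + "' declared for client " + clientConfig.getName() + " called send more than once.");
        return;
    }
    sendWasCalled = true;

    // A null response is replaced with an explicit AccessReject. The original did this by calling
    // send(new AccessReject()) after sendWasCalled had been set, so the nested call hit the guard
    // above, logged a misleading "more than once" warning and never sent the reject.
    Packet outbound = response;
    if (outbound == null) {
        LOG.error("Handler class '" + clientConfig.getAccessRequestHandlerClass().getSimpleName() + "' declared for client " + clientConfig.getName() + " attempted to send a null response. Rejecting access.");
        outbound = new AccessReject();
    }

    // inject the id and authenticator
    outbound.setIdentifier(requestId);
    injectResponseAuthenticator(outbound);
    if (clientConfig.isLogPackets()) {
        logPacketContent(outbound, "\nPacket to " + clientConfig.getName() + ":");
    }
    final ByteBuffer reqBuf = ByteBuffer.wrap(outbound.getOctets());
    try {
        LOG.message("Sending response of type " + outbound.getType() + " to " + clientConfig.getName());
        channel.send(reqBuf, source);
    } catch (final IOException e) {
        // A failed network send is logged here and not rethrown, so the caller sees a normal
        // return even though the client received nothing.
        LOG.error("Unable to send response to " + clientConfig.getName() + ".", e);
    }
}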
use of org.forgerock.openam.radius.common.AccessReject in project OpenAM by OpenRock.
the class RadiusRequestHandler method sendAccessReject.
/**
* Attempts to send an AccessReject message to the client. Failed attempts will be logged.
*
* @param reqCtx
* - the RadiusRequestContext that will be used to send the AccessReject packet.
*/
private void sendAccessReject(RadiusRequestContext reqCtx) {
    try {
        final AccessReject rejection = new AccessReject();
        reqCtx.send(rejection);
        // NOTE(review): logged whenever send() returns normally. Confirm that send() reports
        // network failures by throwing; otherwise this line can appear for a reject that never
        // left the host.
        LOG.message("Rejected access request.");
    } catch (final RadiusProcessingException sendFailure) {
        // Best effort: the failure is recorded and not propagated. The exception itself is not
        // handed to the logger, so its detail does not appear in the log.
        LOG.warning("Failed to send AccessReject() response to client.");
    }
}