Example 1 with AuthRequestReceivedEvent

use of org.forgerock.openam.radius.server.events.AuthRequestReceivedEvent in project OpenAM by OpenRock.

From the class OpenAMAuthHandler, method handle:

/**
 * Handles the request in potentially two distinct ways depending on whether a state attribute is found in the
 * request or not. When no state field is found, this is an initial request starting the authentication process and
 * the request will have username and password embedded and ready for consumption by the first module in the chain.
 * Any request with a state attribute is a user response to a previous challenge response that we sent back to them
 * in a previously started authentication process. The number of challenge responses that are sent and their
 * corresponding replies depends on the number of modules in the chain and the number of callback fields in
 * each set of callbacks. A set of callbacks represents one grouping of data needed by a module to complete its next
 * step in the authentication process that it implements. In a web environment this grouping constitutes a single
 * page into which a number of fields can receive data. However, to gather additional feedback from a user the
 * RADIUS protocol only supports a challenge response with a text message and state, and RADIUS clients typically
 * present that message and a single text input field with a label like "Answer" plus submit and cancel buttons.
 * This means that we only get a single answer per RADIUS challenge response. Therefore, for some callback groupings
 * we will need to return multiple challenge responses before we can submit the callback set's user response values
 * back to the module to take the next step in authentication.
 *
 * @param request
 *            the access request
 * @param response
 *            the response to be sent to the client
 * @param context
 *            provides methods that the handler can use to obtain information about the context in which the
 *            request was made, for example the name and IP address of the client from which the request was
 *            received
 * @throws RadiusProcessingException
 *             when the response can not be sent
 */
@Override
public void handle(RadiusRequest request, RadiusResponse response, RadiusRequestContext context) throws RadiusProcessingException {
    LOG.message("Entering OpenAMAuthHandler.handle");
    response.setRealm(realm);
    final StateAttribute state = (StateAttribute) request.getAttribute(StateAttribute.class);
    ContextHolder holder = null;
    if (state != null) {
        final String cacheKey = state.getState();
        holder = contextCache.get(cacheKey);
    }
    // always get password attribute regardless of whether starting or returning more input since user input is
    // always sent via the password field.
    final UserPasswordAttribute credAtt = (UserPasswordAttribute) request.getAttribute(UserPasswordAttribute.class);
    String credential = null;
    if (credAtt == null) {
        // A request without a User-Password attribute carries nothing to authenticate with; reject it rather
        // than let extractPassword() fail with a NullPointerException below.
        LOG.error("No credential field present in RADIUS request. Denying Access.");
        rejectAccessAndTerminateProcess(response, holder);
        LOG.message("Leaving OpenAMAuthHandler.handle();");
        return;
    }
    try {
        // The User-Password attribute is hidden with the shared secret and the Request Authenticator
        // (RFC 2865 section 5.2); a wrong secret yields garbage rather than a clean failure.
        credential = credAtt.extractPassword(context.getRequestAuthenticator(), context.getClientSecret());
    } catch (final IOException e) {
        LOG.error("Unable to extract credential field from RADIUS request. Denying Access.", e);
        rejectAccessAndTerminateProcess(response, holder);
        LOG.message("Leaving OpenAMAuthHandler.handle();");
        return;
    }
    if (holder == null) {
        holder = this.contextCache.createCachedContextHolder();
        request.setContextHolderKey(holder.getCacheKey());
        eventBus.post(new AuthRequestReceivedEvent(request, response, context));
        final UserNameAttribute usrAtt = (UserNameAttribute) request.getAttribute(UserNameAttribute.class);
        holder = startAuthProcess(holder, response, usrAtt, credential);
        if (holder == null || holder.getAuthPhase() == ContextHolder.AuthPhase.TERMINATED) {
            // oops. something happened and reject message was already sent. so drop out here.
            LOG.message("Leaving OpenAMAuthHandler.handle(); Auth phase is TERMINATED.");
            return;
        }
    } else {
        request.setContextHolderKey(holder.getCacheKey());
        eventBus.post(new AuthRequestReceivedEvent(request, response, context));
    }
    gatherUserInput(response, holder, credential, state);
    if (holder.getAuthPhase() == ContextHolder.AuthPhase.FINALIZING) {
        finalizeAuthProcess(response, holder);
    }
    LOG.message("Leaving OpenAMAuthHandler.handle();");
}
Also used:
StateAttribute (org.forgerock.openam.radius.common.StateAttribute)
AuthRequestReceivedEvent (org.forgerock.openam.radius.server.events.AuthRequestReceivedEvent)
ContextHolder (org.forgerock.openam.radius.server.spi.handlers.amhandler.ContextHolder)
UserNameAttribute (org.forgerock.openam.radius.common.UserNameAttribute)
IOException (java.io.IOException)
UserPasswordAttribute (org.forgerock.openam.radius.common.UserPasswordAttribute)
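The credential the handler pulls out with extractPassword(requestAuthenticator, clientSecret) is the RFC 2865 User-Password attribute, which the client hides by XOR against MD5(secret + Request Authenticator) in chained 16-byte blocks. The Python below is an added example, not OpenAM's code: it implements both the hiding and the server-side extraction, including the chaining for passwords longer than 16 bytes and the NUL-padding caveat; the secret and authenticator values are constructed for the demo.

```python
import hashlib

BLOCK = 16  # MD5 digest length; User-Password is processed in 16-byte blocks


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def hide_user_password(password: bytes, secret: bytes, request_authenticator: bytes) -> bytes:
    """Client side (RFC 2865 section 5.2): pad to a 16-byte multiple, then XOR each block with
    MD5(secret + previous ciphertext block), seeding the chain with the Request Authenticator."""
    if len(request_authenticator) != BLOCK:
        raise ValueError("Request Authenticator must be 16 bytes")
    if not 0 < len(password) <= 128:
        raise ValueError("User-Password must be 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % BLOCK)
    out, prev = bytearray(), request_authenticator
    for i in range(0, len(padded), BLOCK):
        block = _xor(padded[i:i + BLOCK], hashlib.md5(secret + prev).digest())
        out += block
        prev = block  # chaining: the next key block depends on this ciphertext block
    return bytes(out)


def extract_user_password(hidden: bytes, secret: bytes, request_authenticator: bytes) -> bytes:
    """Server side: rebuild the same keystream, keyed from the received ciphertext blocks.
    Trailing NUL padding is stripped, so a real password cannot end in NUL bytes.
    A wrong shared secret does not fail; it just yields a wrong, garbage password."""
    if len(hidden) == 0 or len(hidden) % BLOCK != 0:
        raise ValueError("hidden User-Password must be a non-empty multiple of 16 bytes")
    out, prev = bytearray(), request_authenticator
    for i in range(0, len(hidden), BLOCK):
        block = hidden[i:i + BLOCK]
        out += _xor(block, hashlib.md5(secret + prev).digest())
        prev = block
    return bytes(out).rstrip(b"\x00")


# Constructed demo values; a real client picks a fresh random 16-byte authenticator per request.
DEMO_SECRET = b"constructed-shared-secret"
DEMO_AUTHENTICATOR = bytes(range(BLOCK))


def round_trip(password: bytes, secret: bytes = DEMO_SECRET) -> bytes:
    """Hide with the client's view of the secret, then extract as the server would."""
    hidden = hide_user_password(password, secret, DEMO_AUTHENTICATOR)
    return extract_user_password(hidden, secret, DEMO_AUTHENTICATOR)
```

Because a mismatched secret produces a plausible-looking but wrong credential, the handler's only signal of a misconfigured client is the downstream authentication failure, which is worth alerting on when it clusters by client IP.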
