LiRuochen_WorkFlow/MaxKey
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

jradius unsupport

Browse Source 
jradius unsupport
This commit is contained in:
shimingxy
2020-02-15 17:03:53 +08:00
parent 82aaf1fb70
commit b77830355c
16 changed files with 16 additions and 474 deletions
Download Patch File Download Diff File Expand all files Collapse all files

62
maxkey-authentications/src/main/java/org/maxkey/authn/realm/radius/RadiusProtocol.java
View File

@@ -1,62 +0,0 @@
package org.maxkey.authn.realm.radius;
/**
* RADIUS protocol enumeration.
*
*/
public enum RadiusProtocol {
/** The chap. */
CHAP("chap"),
/** The EA p_ m d5. */
EAP_MD5("eap-md5"),
/** The EA p_ mscha pv2. */
EAP_MSCHAPv2("eap-mschapv2"),
/** The eap tls. */
EAP_TLS("eap-tls"),
/** The eap ttls pap. */
EAP_TTLS_PAP("eap-ttls:innerProtocol=pap"),
/** The EA p_ ttl s_ ea p_ m d5. */
EAP_TTLS_EAP_MD5("eap-ttls:innerProtocol=eap-md5"),
/** The EA p_ ttl s_ ea p_ mscha pv2. */
EAP_TTLS_EAP_MSCHAPv2("eap-ttls:innerProtocol=eap-mschapv2"),
/** The MSCHA pv1. */
MSCHAPv1("mschapv1"),
/** The MSCHA pv2. */
MSCHAPv2("mschapv2"),
/** The pap. */
PAP("pap"),
/** The peap. */
PEAP("peap");
/** The name. */
private final String name;
/**
* Instantiates a new radius protocol.
*
* @param name the name
*/
RadiusProtocol(final String name) {
this.name = name;
}
/**
* Gets the radius protocol name required by {@link net.jradius.client.RadiusClient#getAuthProtocol(String)}.
*
* @return RADIUS protocol name known to {@link net.jradius.client.RadiusClient}.
*/
public String getName() {
return this.name;
}
}

231
maxkey-authentications/src/main/java/org/maxkey/authn/realm/radius/RadiusServer.java
View File

@@ -1,231 +0,0 @@
package org.maxkey.authn.realm.radius;
import javax.validation.constraints.Min;
import javax.validation.constraints.NotNull;
import net.jradius.client.RadiusClient;
import net.jradius.dictionary.Attr_NASIPAddress;
import net.jradius.dictionary.Attr_NASIPv6Address;
import net.jradius.dictionary.Attr_NASIdentifier;
import net.jradius.dictionary.Attr_NASPort;
import net.jradius.dictionary.Attr_NASPortId;
import net.jradius.dictionary.Attr_NASPortType;
import net.jradius.dictionary.Attr_ReplyMessage;
import net.jradius.dictionary.Attr_UserName;
import net.jradius.dictionary.Attr_UserPassword;
import net.jradius.dictionary.vsa_redback.Attr_NASRealPort;
import net.jradius.packet.AccessAccept;
import net.jradius.packet.AccessRequest;
import net.jradius.packet.RadiusPacket;
import net.jradius.packet.attribute.AttributeList;
import org.apache.commons.lang.StringUtils;
import org.maxkey.authn.realm.IAuthenticationServer;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
/**
* Implementation of a RadiusServer that utilizes the JRadius packages available
* at <a href="http://jradius.sf.net">http://jradius.sf.net</a>.
*
*/
public final class RadiusServer extends RadiusServerBase implements IAuthenticationServer{
/** Default retry count, {@value}. */
public static final int DEFAULT_RETRY_COUNT = 3;
/** Logger instance. */
private static final Logger _logger = LoggerFactory.getLogger(RadiusServer.class);
/** RADIUS protocol. */
@NotNull
private final RadiusProtocol protocol;
/** Number of times to retry authentication when no response is received. */
@Min(0)
private int retries = DEFAULT_RETRY_COUNT;
private String nasIpAddress = null;
private String nasIpv6Address = null;
private long nasPort = -1;
private long nasPortId = -1;
private long nasIdentifier = -1;
private long nasRealPort = -1;
private long nasPortType = -1;
/**
* Instantiates a new server implementation
* with the radius protocol and client factory specified.
*
* @param protocol the protocol
* @param clientFactory the client factory
*/
public RadiusServer(final RadiusProtocol protocol) {
this.protocol = protocol;
}
public boolean authenticate(final String username, final String password) {
final AttributeList attributeList = new AttributeList();
attributeList.add(new Attr_UserName(username));
attributeList.add(new Attr_UserPassword(password));
if (StringUtils.isNotBlank(this.nasIpAddress)) {
attributeList.add(new Attr_NASIPAddress(this.nasIpAddress));
}
if (StringUtils.isNotBlank(this.nasIpv6Address)) {
attributeList.add(new Attr_NASIPv6Address(this.nasIpv6Address));
}
if (this.nasPort != -1) {
attributeList.add(new Attr_NASPort(this.nasPort));
}
if (this.nasPortId != -1) {
attributeList.add(new Attr_NASPortId(this.nasPortId));
}
if (this.nasIdentifier != -1) {
attributeList.add(new Attr_NASIdentifier(this.nasIdentifier));
}
if (this.nasRealPort != -1) {
attributeList.add(new Attr_NASRealPort(this.nasRealPort));
}
if (this.nasPortType != -1) {
attributeList.add(new Attr_NASPortType(this.nasPortType));
}
RadiusClient client = null;
try {
client = this.newInstance();
final AccessRequest request = new AccessRequest(client, attributeList);
final RadiusPacket response = client.authenticate(
request,
RadiusClient.getAuthProtocol(this.protocol.getName()),
this.retries);
_logger.debug("RADIUS response from {}: {}", client.getRemoteInetAddress().getCanonicalHostName(),response.getClass().getName());
_logger.debug("Received : \n" + response.toString());
_logger.debug("RADIUS Response Identifier : " + response.getIdentifier());
_logger.debug("RADIUS Response code : " + response.getCode());
_logger.debug("RADIUS Response AttributeList : " + response.getAttributes().getAttributeList());
if (response instanceof AccessAccept) {
// final AccessAccept acceptedResponse = (AccessAccept) response;
// _logger.debug("Accepted Response Message: " + acceptedResponse.CODE);
String responseMessage = (String) response.getAttributeValue(Attr_ReplyMessage.TYPE);
if (responseMessage != null){
_logger.debug("Accepted Response Message: " + responseMessage);
}
return true;
}else if(response instanceof net.jradius.packet.AccessReject){
_logger.debug("Access Reject ." );
}else if (response instanceof net.jradius.packet.PasswordReject){
_logger.debug("Password Reject . ");
}
} catch (final Exception e) {
e.printStackTrace();
} finally {
if (client != null) {
client.close();
}
}
return false;
}
/**
* Sets the nas ip address.
*
* @param nasIpAddress the new nas ip address
* @since 4.1
*/
public void setNasIpAddress(final String nasIpAddress) {
this.nasIpAddress = nasIpAddress;
}
/**
* Sets the nas ipv6 address.
*
* @param nasIpv6Address the new nas ipv6 address
* @since 4.1
*/
public void setNasIpv6Address(final String nasIpv6Address) {
this.nasIpv6Address = nasIpv6Address;
}
/**
* Sets the nas port.
*
* @param nasPort the new nas port
* @since 4.1
*/
public void setNasPort(final long nasPort) {
this.nasPort = nasPort;
}
/**
* Sets the nas port id.
*
* @param nasPortId the new nas port id
* @since 4.1
*/
public void setNasPortId(final long nasPortId) {
this.nasPortId = nasPortId;
}
/**
* Sets the nas identifier.
*
* @param nasIdentifier the new nas identifier
* @since 4.1
*/
public void setNasIdentifier(final long nasIdentifier) {
this.nasIdentifier = nasIdentifier;
}
/**
* Sets the nas real port.
*
* @param nasRealPort the new nas real port
* @since 4.1
*/
public void setNasRealPort(final long nasRealPort) {
this.nasRealPort = nasRealPort;
}
/**
* Sets the nas port type.
*
* @param nasPortType the new nas port type
* @since 4.1
*/
public void setNasPortType(final long nasPortType) {
this.nasPortType = nasPortType;
}
/**
* Sets the retries.
*
* @param retries the new retries
* @since 4.1
*/
public void setRetries(final int retries) {
this.retries = retries;
}
}

62
maxkey-authentications/src/main/java/org/maxkey/authn/realm/radius/RadiusServerAuthenticationRealm.java
View File

@@ -1,62 +0,0 @@
package org.maxkey.authn.realm.radius;
import java.util.List;
import javax.validation.constraints.NotNull;
import javax.validation.constraints.Size;
import net.jradius.packet.attribute.AttributeFactory;
import org.maxkey.authn.realm.AbstractAuthenticationRealm;
import org.maxkey.authn.realm.IAuthenticationServer;
import org.maxkey.domain.UserInfo;
import org.maxkey.web.WebContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.BadCredentialsException;
public class RadiusServerAuthenticationRealm extends AbstractAuthenticationRealm{
private final static Logger _logger = LoggerFactory.getLogger(RadiusServerAuthenticationRealm.class);
/** Load the dictionary implementation. */
static {
AttributeFactory.loadAttributeDictionary("net.jradius.dictionary.AttributeDictionaryImpl");
}
/** Array of RADIUS servers to authenticate against. */
@NotNull
@Size(min=1)
private List<IAuthenticationServer> jradiusServers;
/**
* @param ldapCluster
*/
public RadiusServerAuthenticationRealm() {
}
@Override
public boolean passwordMatches(UserInfo userInfo, String password) {
boolean isAuthenticated=false;
for (final IAuthenticationServer radiusServer : this.jradiusServers) {
_logger.debug("Attempting to authenticate {} at {}", userInfo.getUsername(), radiusServer);
isAuthenticated= radiusServer.authenticate(userInfo.getUsername(), password);
if (isAuthenticated ) {
return true;
}
}
if(!isAuthenticated){
throw new BadCredentialsException(WebContext.getI18nValue("login.error.password"));
}
return false;
}
public void setJradiusServers(List<IAuthenticationServer> jradiusServers) {
this.jradiusServers = jradiusServers;
}
}

98
maxkey-authentications/src/main/java/org/maxkey/authn/realm/radius/RadiusServerBase.java
View File

@@ -1,98 +0,0 @@
package org.maxkey.authn.realm.radius;
import java.io.IOException;
import java.net.InetAddress;
import java.net.UnknownHostException;
import javax.validation.constraints.Min;
import javax.validation.constraints.NotNull;
import net.jradius.client.RadiusClient;
/**
* Factory for creating RADIUS client instances.
*
*/
public class RadiusServerBase {
/** The port to do accounting on. */
@Min(1)
private int accountingPort =1813;
/** The port to do authentication on. */
@Min(1)
private int authenticationPort = 1812;
/** Socket timeout in seconds. */
@Min(0)
private int socketTimeout = 30;
/** RADIUS server network address. */
@NotNull
private InetAddress inetAddress;
/** The shared secret to send to the RADIUS server. */
@NotNull
private String sharedSecret;
/**
* Sets the RADIUS server accounting port.
*
* @param port Accounting port number.
*/
public void setAccountingPort(final int port) {
this.accountingPort = port;
}
/**
* Sets the RADIUS server authentication port.
*
* @param port Authentication port number.
*/
public void setAuthenticationPort(final int port) {
this.authenticationPort = port;
}
/**
* Sets the RADIUS server UDP socket timeout.
*
* @param timeout Timeout in seconds; 0 for no timeout.
*/
public void setSocketTimeout(final int timeout) {
this.socketTimeout = timeout;
}
/**
* RADIUS server network address.
*
* @param address Network address as a string.
*/
public void setInetAddress(final String address) {
try {
this.inetAddress = InetAddress.getByName(address);
} catch (final UnknownHostException e) {
throw new RuntimeException("Invalid address " + address);
}
}
/**
* RADIUS server authentication shared secret.
*
* @param secret Shared secret.
*/
public void setSharedSecret(final String secret) {
this.sharedSecret = secret;
}
/**
* Creates a new RADIUS client instance using factory configuration settings.
*
* @return New radius client instance.
* @throws IOException In case the transport method encounters an error.
*/
public RadiusClient newInstance() throws IOException {
return new RadiusClient(
this.inetAddress, this.sharedSecret, this.authenticationPort, this.accountingPort, this.socketTimeout);
}
}