/* (non-Javadoc)
* @see net.jradius.handler.EventHandler#handle(net.jradius.server.JRadiusEvent)
*/
public boolean handle(JRadiusEvent evt) throws Exception {
if (evt instanceof SessionExpiredEvent) {
SessionExpiredEvent event = (SessionExpiredEvent) evt;
JRadiusSession session = event.getSession();
if (session == null) return true;
RadiusLog.debug("Processing Session Expired Event for Session: " + session.getSessionKey());
if (session.getSessionState() == JRadiusSession.RADIUS_ERROR) {
onRadiusError(event);
} else if ((session.getSessionState() & JRadiusSession.ACCT_STOPPED) != 0) {
onAcctStopped(event);
} else if ((session.getSessionState() & JRadiusSession.ACCT_STARTED) != 0) {
onAcctStarted(event);
} else if ((session.getSessionState() & JRadiusSession.AUTH_REJECTED) != 0) {
onAuthRejected(event);
} else if ((session.getSessionState() & JRadiusSession.AUTH_ACCEPTED) != 0) {
Long serviceType = session.getServiceType();
if (serviceType != null) {
int iServiceType = serviceType.intValue();
if (iServiceType != 6
&& // Administrative-User
iServiceType != 8) // Authenticate-Only
{
onAuthAccepted(event);
}
}
} else if ((session.getSessionState() & JRadiusSession.AUTH_REJECTED) != 0) {
onAuthPending(event);
}
return true;
}
return false;
}
/**
* Listen for one object and place it on the request queue
*
* @throws IOException
* @throws InterruptedException
* @throws RadiusException
*/
public void listen() throws Exception {
RadiusLog.debug("Listening on socket...");
Socket socket = serverSocket.accept();
socket.setTcpNoDelay(false);
if (keepAlive) {
KeepAliveListener keepAliveListener = new KeepAliveListener(socket, this, queue);
keepAliveListener.start();
synchronized (keepAliveListeners) {
keepAliveListeners.add(keepAliveListener);
}
} else {
TCPListenerRequest lr = (TCPListenerRequest) requestObjectPool.borrowObject();
lr.setBorrowedFromPool(requestObjectPool);
lr.accept(socket, this, false, false);
while (true) {
try {
this.queue.put(lr);
break;
} catch (InterruptedException e) {
}
}
}
}
public void onAuthPending(SessionExpiredEvent event) {
RadiusLog.problem(
null,
event.getSession(),
null,
"Expired in Auth-Pending state (no response from service provider)");
}
public void setConfiguration(ListenerConfigurationItem cfg) {
try {
setConfiguration(cfg, false);
} catch (Exception e) {
e.printStackTrace();
RadiusLog.error("Invalid JRadius configuration.", e);
}
}
public void onAcctStarted(SessionExpiredEvent event) {
JRadiusSession session = event.getSession();
String error = "Session Expired in Accounting-Started state, Accounting never stopped";
RadiusLog.warn(session.getSessionKey() + ": " + error);
JRadiusLogEntry logEntry = session.getLogEntry(event, "0");
logEntry.setType("error");
logEntry.addMessage(error);
}
public void notifyElementExpired(Ehcache cache, Element element) {
JRadiusSession session = (JRadiusSession) element.getValue();
RadiusLog.debug("Expired session: " + session.getSessionKey());
if (JRadiusServer.getEventDispatcher() != null) {
SessionExpiredEvent evt = new SessionExpiredEvent(session);
evt.setApplicationContext(applicationContext);
JRadiusServer.getEventDispatcher().post(evt);
}
}
public void onAuthAccepted(SessionExpiredEvent event) {
JRadiusSession session = event.getSession();
String error = "Session Expired in Auth-Accepted state, Accounting never started";
RadiusLog.warn(session.getSessionKey() + ": " + error);
JRadiusLogEntry logEntry = session.getLogEntry(event, "0");
logEntry.setType("error");
logEntry.addMessage(error);
session.commitLogEntries(JRadiusServer.RLM_MODULE_FAIL);
}
public void onRadiusError(SessionExpiredEvent event) {
JRadiusSession session = event.getSession();
String error = "Session Expired in Error State";
RadiusLog.error(session.getSessionKey() + ": " + error);
JRadiusLogEntry logEntry = session.getLogEntry(event, "0");
logEntry.setType("error");
logEntry.addMessage(error);
session.commitLogEntries(JRadiusServer.RLM_MODULE_FAIL);
}
private synchronized void release(JRadiusSession session) {
String thisThread = Thread.currentThread().getName();
String sessionToUnlock = session.getSessionKey();
String sessionOwner = (String) locks.get(sessionToUnlock);
if (sessionOwner != null) {
if (sessionOwner.equals(thisThread)) {
locks.remove(sessionToUnlock);
RadiusLog.debug("Release: Thread " + thisThread + " unlocking session " + sessionToUnlock);
} else {
RadiusLog.error(
"Releasing session lock not owned by this thread (owner="
+ sessionOwner
+ ",this="
+ thisThread
+ ")");
}
}
notifyAll();
}
/** The thread's run method repeatedly calls listen() */
public void run() {
while (getActive()) {
try {
Thread.yield();
listen();
} catch (SocketException e) {
if (getActive() == false) {
break;
} else {
RadiusLog.error("Socket exception", e);
}
} catch (InterruptedException e) {
} catch (SSLException e) {
RadiusLog.error("Error occured in TCPListener.", e);
active = false;
} catch (Throwable e) {
RadiusLog.error("Error occured in TCPListener.", e);
}
}
RadiusLog.debug("Listener: " + this.getClass().getName() + " exiting (not active)");
}
private void initialize() {
try {
// If we can find the extended JRadius classes, configure
// the default RadiusSessionKeyProvider and RadiusSessionFactory
Class c;
c = Class.forName("net.jradius.session.RadiusSessionKeyProvider");
providers.put(null, c.newInstance());
c = Class.forName("net.jradius.session.RadiusSessionFactory");
factories.put(null, c.newInstance());
} catch (Exception e) {
RadiusLog.error(
"Could not find extended JRadius classes - not running JRadiusSessionManager");
throw new RuntimeException(e);
}
}
private synchronized void lock(JRadiusSession session) {
String thisThread = Thread.currentThread().getName();
String sessionToLock = session.getSessionKey();
String sessionOwner = null;
while (true) {
sessionOwner = (String) locks.get(sessionToLock);
if (sessionOwner == null) {
locks.put(sessionToLock, thisThread);
RadiusLog.debug("Lock: Thread " + thisThread + " locked session " + sessionToLock);
break;
} else if (sessionOwner.equals(thisThread)) {
break;
} else {
try {
wait();
} catch (InterruptedException ex) {
}
}
}
}
static {
// Supported Authentication Protocols
registerAuthenticator("pap", PAPAuthenticator.class);
registerAuthenticator("chap", CHAPAuthenticator.class);
registerAuthenticator("mschapv1", MSCHAPv1Authenticator.class);
registerAuthenticator("mschapv2", MSCHAPv2Authenticator.class);
registerAuthenticator("mschap", MSCHAPv2Authenticator.class);
registerAuthenticator("eap-md5", EAPMD5Authenticator.class);
registerAuthenticator("eap-mschapv2", EAPMSCHAPv2Authenticator.class);
try {
registerAuthenticator("eap-tls", "net.jradius.client.auth.EAPTLSAuthenticator");
registerAuthenticator("eap-ttls", "net.jradius.client.auth.EAPTTLSAuthenticator");
registerAuthenticator("peap", "net.jradius.client.auth.PEAPAuthenticator");
// registerAuthenticator("eap-aka", "net.jradius.client.auth.EAPAKAAuthenticator");
} catch (ClassNotFoundException e) {
RadiusLog.warn("EAP-TLS and EAP-TTLS are only available with Java 1.5");
}
// Lets use the Gnu-Crypto Provider
// if (java.security.Security.getProvider("GNU-CRYPTO") == null)
// java.security.Security.addProvider(new gnu.crypto.jce.GnuCrypto());
}
/**
* Get a supported RadiusAuthenticator based on the protocol name. If no protocol with that name
* is supported, null is returned. If the authenticator class for the named protocol has writable
* bean properties, these can be set by appending a colon separated list of property=value pairs
* to the protocolName. For instance, the EAP-TLS (and EAP-TTLS since it derives from EAP-TLS)
* authenticator class has numerous configurable properties (including keyFile, keyFileType,
* keyPassword, etc).
*
* <p>Examples:
*
* <ul>
* <li>getAuthProtocol("pap") returns PAPAuthenticator
* <li>getAuthProtocol("chap") returns CHAPAuthenticator
* <li>getAuthProtocol("eap-md5") returns EAPMD5Authenticator
* <li>getAuthProtocol("eap-ttls") returns default EALTTLSAuthenticator
* <li>getAuthProtocol("eap-tls:keyFile=keystore:keyPassword=mypass") returns
* EALTLSAuthenticator with setKeyFile("keystore") and setKeyPassword("mypass")
* <li>getAuthProtocol("eap-ttls:trustAll=true") returns EALTTLSAuthenticator with
* setTrustAll(true)
* </ul>
*
* Keep in mind that Java 1.5 is required for EAP-TLS/TTLS and only PAP is usable as the inner
* protocol because of limitations of Java 1.5.
*
* <p>
*
* @param protocolName The requested authentication protocol
* @return Returns an instance of RadiusAuthenticator or null
*/
public static RadiusAuthenticator getAuthProtocol(String protocolName) {
RadiusAuthenticator auth = null;
String[] args = null;
int i;
if ((i = protocolName.indexOf(':')) > 0) {
if (i < protocolName.length()) {
args = protocolName.substring(i + 1).split(":");
}
protocolName = protocolName.substring(0, i);
}
protocolName = protocolName.toLowerCase();
Class<?> c = (Class<?>) authenticators.get(protocolName);
if (c == null) return null;
try {
auth = (RadiusAuthenticator) c.newInstance();
} catch (Exception e) {
RadiusLog.error("Invalid auth protocol", e);
return null;
}
if (args != null) {
HashMap<String, PropertyDescriptor> elements = new HashMap<String, PropertyDescriptor>();
Class<?> clazz = auth.getClass();
PropertyDescriptor[] props = null;
try {
props = Introspector.getBeanInfo(clazz).getPropertyDescriptors();
} catch (Exception e) {
RadiusLog.error("Could not instanciate authenticator " + protocolName, e);
return auth;
}
for (int p = 0; p < props.length; p++) {
PropertyDescriptor pd = props[p];
Method m = pd.getWriteMethod();
if (m != null) {
elements.put(pd.getName(), pd);
}
}
for (int a = 0; a < args.length; a++) {
int eq = args[a].indexOf("=");
if (eq > 0) {
String name = args[a].substring(0, eq);
String value = args[a].substring(eq + 1);
PropertyDescriptor pd = (PropertyDescriptor) elements.get(name);
Method m = pd.getWriteMethod();
if (m == null) {
RadiusLog.error(
"Authenticator " + protocolName + " does not have a writable attribute " + name);
} else {
Object valueObject = value;
Class<?> cType = pd.getPropertyType();
if (cType == Boolean.class) {
valueObject = new Boolean(value);
} else if (cType == Integer.class) {
valueObject = new Integer(value);
}
try {
m.invoke(auth, new Object[] {valueObject});
} catch (Exception e) {
RadiusLog.error(
"Error setting attribute " + name + " for authenticator " + protocolName, e);
}
}
}
}
}
return auth;
}
private void put(Serializable key, Serializable value) {
RadiusLog.debug("Adding session key: " + key);
sessionCache.put(new Element(key, value));
}
private void remove(Serializable key) {
RadiusLog.debug("Removing session key: " + key);
sessionCache.remove(key);
}
/**
* Returns a session object. First, a key is generated by the session manager's key provider,
* based on the JRadiusRequest. If there is a stored session based on the key, this session is
* returned, otherwise a new session created by the session factory is returned
*
* @param request a JRadiusRequest used to retrieve or generate a session with
* @return Returns a RadiusSession
* @throws RadiusException
*/
public JRadiusSession getSession(JRadiusRequest request) throws RadiusException {
SessionKeyProvider skp = getSessionKeyProvider(request.getSender());
Serializable key = skp.getAppSessionKey(request);
JRadiusSession session = null;
Serializable nkey = null;
if (key != null) {
RadiusLog.debug("** Looking for session: " + key);
session = getSession(request, key);
if (session == null) {
RadiusLog.error("Broken JRadius-Session-Id implementation for session: " + key);
key = null;
}
}
if (key == null) {
key = skp.getClassKey(request);
if (key != null) {
RadiusLog.debug("** Looking for session: " + key);
session = getSession(request, key);
if (session == null) {
RadiusLog.error("Broken Class implementation for session: " + key);
key = null;
} else {
if (session.getJRadiusKey() != null
&& !session.getJRadiusKey().equals(session.getSessionKey())) {
rehashSession(session, session.getJRadiusKey(), key);
}
}
}
}
if (key == null) {
Serializable keys = skp.getRequestSessionKey(request);
if (keys == null) {
return null;
}
if (keys instanceof Serializable[]) {
key = ((Serializable[]) (keys))[0];
nkey = ((Serializable[]) (keys))[1];
RadiusLog.debug("Rehashing session with key " + key + " under new key " + nkey);
} else {
key = keys;
}
RadiusLog.debug("** Looking for session: " + key);
session = getSession(request, key);
if (session != null && nkey != null && !nkey.equals(key)) {
rehashSession(session, key, nkey);
}
}
if (session == null) {
session = newSession(request, nkey == null ? key : nkey);
} else {
session.setNewSession(false);
}
session.setTimeStamp(System.currentTimeMillis());
session.setLastRadiusRequest(request);
return session;
}
public void onAuthRejected(SessionExpiredEvent event) {
RadiusLog.debug("Rejected Session Expired: " + event);
}
public void onAcctStopped(SessionExpiredEvent event) {
RadiusLog.debug("Completed Session Expired: " + event);
}
