public void setConfiguration(ListenerConfigurationItem cfg) {
try {
setConfiguration(cfg, false);
} catch (Exception e) {
e.printStackTrace();
RadiusLog.error("Invalid JRadius configuration.", e);
}
}
public void onRadiusError(SessionExpiredEvent event) {
JRadiusSession session = event.getSession();
String error = "Session Expired in Error State";
RadiusLog.error(session.getSessionKey() + ": " + error);
JRadiusLogEntry logEntry = session.getLogEntry(event, "0");
logEntry.setType("error");
logEntry.addMessage(error);
session.commitLogEntries(JRadiusServer.RLM_MODULE_FAIL);
}
/** The thread's run method repeatedly calls listen() */
public void run() {
while (getActive()) {
try {
Thread.yield();
listen();
} catch (SocketException e) {
if (getActive() == false) {
break;
} else {
RadiusLog.error("Socket exception", e);
}
} catch (InterruptedException e) {
} catch (SSLException e) {
RadiusLog.error("Error occured in TCPListener.", e);
active = false;
} catch (Throwable e) {
RadiusLog.error("Error occured in TCPListener.", e);
}
}
RadiusLog.debug("Listener: " + this.getClass().getName() + " exiting (not active)");
}
private void initialize() {
try {
// If we can find the extended JRadius classes, configure
// the default RadiusSessionKeyProvider and RadiusSessionFactory
Class c;
c = Class.forName("net.jradius.session.RadiusSessionKeyProvider");
providers.put(null, c.newInstance());
c = Class.forName("net.jradius.session.RadiusSessionFactory");
factories.put(null, c.newInstance());
} catch (Exception e) {
RadiusLog.error(
"Could not find extended JRadius classes - not running JRadiusSessionManager");
throw new RuntimeException(e);
}
}
private synchronized void release(JRadiusSession session) {
String thisThread = Thread.currentThread().getName();
String sessionToUnlock = session.getSessionKey();
String sessionOwner = (String) locks.get(sessionToUnlock);
if (sessionOwner != null) {
if (sessionOwner.equals(thisThread)) {
locks.remove(sessionToUnlock);
RadiusLog.debug("Release: Thread " + thisThread + " unlocking session " + sessionToUnlock);
} else {
RadiusLog.error(
"Releasing session lock not owned by this thread (owner="
+ sessionOwner
+ ",this="
+ thisThread
+ ")");
}
}
notifyAll();
}
/**
* Returns a session object. First, a key is generated by the session manager's key provider,
* based on the JRadiusRequest. If there is a stored session based on the key, this session is
* returned, otherwise a new session created by the session factory is returned
*
* @param request a JRadiusRequest used to retrieve or generate a session with
* @return Returns a RadiusSession
* @throws RadiusException
*/
public JRadiusSession getSession(JRadiusRequest request) throws RadiusException {
SessionKeyProvider skp = getSessionKeyProvider(request.getSender());
Serializable key = skp.getAppSessionKey(request);
JRadiusSession session = null;
Serializable nkey = null;
if (key != null) {
RadiusLog.debug("** Looking for session: " + key);
session = getSession(request, key);
if (session == null) {
RadiusLog.error("Broken JRadius-Session-Id implementation for session: " + key);
key = null;
}
}
if (key == null) {
key = skp.getClassKey(request);
if (key != null) {
RadiusLog.debug("** Looking for session: " + key);
session = getSession(request, key);
if (session == null) {
RadiusLog.error("Broken Class implementation for session: " + key);
key = null;
} else {
if (session.getJRadiusKey() != null
&& !session.getJRadiusKey().equals(session.getSessionKey())) {
rehashSession(session, session.getJRadiusKey(), key);
}
}
}
}
if (key == null) {
Serializable keys = skp.getRequestSessionKey(request);
if (keys == null) {
return null;
}
if (keys instanceof Serializable[]) {
key = ((Serializable[]) (keys))[0];
nkey = ((Serializable[]) (keys))[1];
RadiusLog.debug("Rehashing session with key " + key + " under new key " + nkey);
} else {
key = keys;
}
RadiusLog.debug("** Looking for session: " + key);
session = getSession(request, key);
if (session != null && nkey != null && !nkey.equals(key)) {
rehashSession(session, key, nkey);
}
}
if (session == null) {
session = newSession(request, nkey == null ? key : nkey);
} else {
session.setNewSession(false);
}
session.setTimeStamp(System.currentTimeMillis());
session.setLastRadiusRequest(request);
return session;
}
/**
* Get a supported RadiusAuthenticator based on the protocol name. If no protocol with that name
* is supported, null is returned. If the authenticator class for the named protocol has writable
* bean properties, these can be set by appending a colon separated list of property=value pairs
* to the protocolName. For instance, the EAP-TLS (and EAP-TTLS since it derives from EAP-TLS)
* authenticator class has numerous configurable properties (including keyFile, keyFileType,
* keyPassword, etc).
*
* <p>Examples:
*
* <ul>
* <li>getAuthProtocol("pap") returns PAPAuthenticator
* <li>getAuthProtocol("chap") returns CHAPAuthenticator
* <li>getAuthProtocol("eap-md5") returns EAPMD5Authenticator
* <li>getAuthProtocol("eap-ttls") returns default EALTTLSAuthenticator
* <li>getAuthProtocol("eap-tls:keyFile=keystore:keyPassword=mypass") returns
* EALTLSAuthenticator with setKeyFile("keystore") and setKeyPassword("mypass")
* <li>getAuthProtocol("eap-ttls:trustAll=true") returns EALTTLSAuthenticator with
* setTrustAll(true)
* </ul>
*
* Keep in mind that Java 1.5 is required for EAP-TLS/TTLS and only PAP is usable as the inner
* protocol because of limitations of Java 1.5.
*
* <p>
*
* @param protocolName The requested authentication protocol
* @return Returns an instance of RadiusAuthenticator or null
*/
public static RadiusAuthenticator getAuthProtocol(String protocolName) {
RadiusAuthenticator auth = null;
String[] args = null;
int i;
if ((i = protocolName.indexOf(':')) > 0) {
if (i < protocolName.length()) {
args = protocolName.substring(i + 1).split(":");
}
protocolName = protocolName.substring(0, i);
}
protocolName = protocolName.toLowerCase();
Class<?> c = (Class<?>) authenticators.get(protocolName);
if (c == null) return null;
try {
auth = (RadiusAuthenticator) c.newInstance();
} catch (Exception e) {
RadiusLog.error("Invalid auth protocol", e);
return null;
}
if (args != null) {
HashMap<String, PropertyDescriptor> elements = new HashMap<String, PropertyDescriptor>();
Class<?> clazz = auth.getClass();
PropertyDescriptor[] props = null;
try {
props = Introspector.getBeanInfo(clazz).getPropertyDescriptors();
} catch (Exception e) {
RadiusLog.error("Could not instanciate authenticator " + protocolName, e);
return auth;
}
for (int p = 0; p < props.length; p++) {
PropertyDescriptor pd = props[p];
Method m = pd.getWriteMethod();
if (m != null) {
elements.put(pd.getName(), pd);
}
}
for (int a = 0; a < args.length; a++) {
int eq = args[a].indexOf("=");
if (eq > 0) {
String name = args[a].substring(0, eq);
String value = args[a].substring(eq + 1);
PropertyDescriptor pd = (PropertyDescriptor) elements.get(name);
Method m = pd.getWriteMethod();
if (m == null) {
RadiusLog.error(
"Authenticator " + protocolName + " does not have a writable attribute " + name);
} else {
Object valueObject = value;
Class<?> cType = pd.getPropertyType();
if (cType == Boolean.class) {
valueObject = new Boolean(value);
} else if (cType == Integer.class) {
valueObject = new Integer(value);
}
try {
m.invoke(auth, new Object[] {valueObject});
} catch (Exception e) {
RadiusLog.error(
"Error setting attribute " + name + " for authenticator " + protocolName, e);
}
}
}
}
}
return auth;
}
