最近使用 RSA Authentication Manager, 并且与其自带的Radius server整合, RSA的Radius server 配置不太透明, 目前只配成功了PAP方式的验证,CHAP目前不成功。
RSA Radius在token输错3次后有要求用户输入next token的安全设置方式, 开始不知道java如何处理,后来查了一些资料,Radius协议本身是无状态的,客户端第二次next token
的request需要跟上前一次response中的state才能让服务器识别出这个session,跟http 的 session是一个意思。
// next token new request send
AttributeList response = r.getAttributes();
AttributeList state = response.getAttributeList(Attribute.State);
System.out.println(">>>>>>>Response state:" + state);
System.out.println("next Token");
Scanner sa = new Scanner(System.in);
String sl = sa.next();
String mima = sl + "";
System.out.println(mima);
AttributeList attList = new AttributeList();
attList.addAttribute(Attribute.NAS_Port, 1);
attList.mergeAttributes(state);
int nResul = r.authenticate("ryan", mima, attList);
注意这个
r.authenticate("ryan", mima, attList);
处理的是PAP格式的请求。
First Token
17507862
17507862
>>>>>>>>>>>>>>>>>>>authenticate.
<81> ------------------- Request Packet -----------------
<81> Address: 10.207.67.63:1812 Packet Length: 50 Type: Access-Request(1)
01 51 00 32 77 98 1B F0 - C0 39 C4 41 A0 6D BF 7A .Q.2w... - .9.A.m.z
55 0D D5 F6 05 06 00 00 - 00 01 01 06 72 79 61 6E U....... - ....ryan
02 12 98 8C D9 43 C5 7E - 34 C2 E5 3A F5 31 21 4A .....C.~ - 4..:.1!J
13 78 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 .x...... - ........
Attributes:
NAS-Port (5), Length: 6, Data: [# 1], 0x00000001
User-Name (1), Length: 6, Data: [ryan], [# 1920557422] / [IP 114.121.97.110], 0x7279616E
User-Password (2), Length: 18, Data: 0x988CD943C57E34C2E53AF531214A1378
<81> ---------------------------------------------------
<81> ------------------- Response Packet -----------------
<81> Address: 10.207.67.63:1812 Packet Length: 88 Type: Access-Challenge(11)
0B 51 00 58 69 D2 A0 52 - C1 EC FC 7D 71 AA 91 42 .Q.Xi..R - ...}q..B
65 6E 4D 17 4C 06 00 00 - 00 00 12 30 0D 0A 50 6C enM.L... - ...0..Pl
65 61 73 65 20 45 6E 74 - 65 72 20 74 68 65 20 4E ease Ent - er the N
65 78 74 20 43 6F 64 65 - 20 66 72 6F 6D 20 59 6F ext Code - from Yo
75 72 20 54 6F 6B 65 6E - 3A 00 18 0E 53 42 52 2D ur Token - :...SBR-
43 48 20 34 36 7C 31 00 - 00 00 00 00 00 00 00 00 CH 46|1. - ........
Attributes:
Prompt (76), Length: 6, Data: [# 0], 0x00000000
Reply-Message (18), Length: 48, Data: 0x0D0A506C6561736520456E74657220746865204E65787420436F64652066726F6D20596F757220546F6B656E3A00
State (24), Length: 14, Data: 0x5342522D43482034367C3100
<81> ---------------------------------------------------
>>>>>>>Response Result:11
>>>>>>>Response state:State (24), Length: 14, Data: 0x5342522D43482034367C3100
next Token
77340845
77340845
<100> ------------------- Request Packet -----------------
<100> Address: 10.207.67.63:1812 Packet Length: 64 Type: Access-Request(1)
01 64 00 40 41 73 2F F7 - 74 13 A4 3D 98 76 58 84 .d.@As/. - t..=.vX.
9C 8B 5A D3 05 06 00 00 - 00 01 18 0E 53 42 52 2D ..Z..... - ....SBR-
43 48 20 34 36 7C 31 00 - 01 06 72 79 61 6E 02 12 CH 46|1. - ..ryan..
A5 1C 73 E3 60 F0 57 21 - 39 9E 8A EA 8D BB 3C EA ..s.`.W! - 9.....<.
Attributes:
NAS-Port (5), Length: 6, Data: [# 1], 0x00000001
State (24), Length: 14, Data: 0x5342522D43482034367C3100
User-Name (1), Length: 6, Data: [ryan], [# 1920557422] / [IP 114.121.97.110], 0x7279616E
User-Password (2), Length: 18, Data: 0xA51C73E360F05721399E8AEA8DBB3CEA
<100> ---------------------------------------------------
<100> ------------------- Response Packet -----------------
<100> Address: 10.207.67.63:1812 Packet Length: 86 Type: Access-Accept(2)
02 64 00 56 E5 63 66 C1 - 9F 85 75 47 09 97 CE AB .d.V.cf. - ..uG....
8A 7A 19 C4 19 37 53 42 - 52 32 43 4C 81 ED 94 D1 .z...7SB - R2CL....
C8 E6 EA DE 8B 80 11 80 - 22 01 80 03 81 98 CE 80 ........ - ".......
02 80 05 81 B9 9E AC 96 - F0 12 80 0E 81 81 ED 94 ........ - ........
D1 C8 E6 EA DE 8B 80 80 - 80 84 9C 01 0B 55 73 65 ........ - .....Use
72 2D 4E 61 6D 65 00 00 - 00 00 00 00 00 00 00 00 r-Name.. - ........
Attributes:
Class (25), Length: 55, Data: 0x53425232434C81ED94D1C8E6EADE8B801180220180038198CE8002800581B99EAC96F012800E8181ED94D1C8E6EADE8B808080849C
User-Name (1), Length: 11, Data: [User-Name], 0x557365722D4E616D65
<100> ---------------------------------------------------
>>>>>>>>>>>>>>>>>>>authenticate again.
r.getErrorString():No Error (0)
Second nResult:2
Second nResult:2
Second nResult:Access-Accept
Final return:0