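Two-factor verification based on RSA SecurID. The RSA server can itself act as the RADIUS server, and RSA can also be integrated with other software so that another server acts as the RADIUS server.
The general RADIUS authentication flow is shown in the figure below:
The main Java implementation is as follows (the RADIUS-related JAR files must be imported, chiefly radiusclient3.jar):
① First RADIUS authentication. The four parameters of RADIUSClient are the server IP, the port, the RADIUS shared secret, and the RADIUS input timeout. The username and password passed to authenticate belong to the user being verified.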
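```java
// Classes from radiusclient3.jar; the package name below is an assumption.
import com.theorem.radius3.*;

RADIUSClient r = null;
int nResult = 0;
// Arguments: server IP, port, RADIUS shared secret, socket timeout.
r = new RADIUSClient("ip", port, "secret", radius_socket_timeout);
r.setDebug(true); // verbose client output
AttributeList aList = new AttributeList();
aList.addAttribute(Attribute.NAS_Port, 1);
nResult = r.authenticate(username, password, aList);
```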
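② Branch on the returned nResult. In the code, 3 stands for access_reject, 0 for access_badpacket, 11 for access_challenge, and 2 for access_accept.
When access_challenge is returned there are two cases: one requires a new PIN (the new PIN case is somewhat more complex), and the other requires the next token. In addition, the Attribute.State attribute must be carried forward in every round; it is what identifies a request as belonging to the verification we are in the middle of (as at lines 25 and 26 of the listing, attList.mergeAttributes(state) followed by r.authenticate(username, mima, attList), where state is carried into the next verification so that it can be recognised).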
```java
Scanner in = new Scanner(System.in); // java.util.Scanner, shared by all prompts
switch (nResult) {
    case 3: // access_reject
        try {
            AttributeList response = r.getAttributes();
            AttributeList state = response.getAttributeList(Attribute.State);
        } catch (Exception e) {
            // Nothing to recover from a reject; fall out to AUTH FAILURE.
        }
        break;
    case 0: // access_badpacket
        break;
    case 11: // access_challenge: new PIN or next token required
        AttributeList response = r.getAttributes();
        AttributeList state = response.getAttributeList(Attribute.State);
        r.reset();
        System.out.println(":");
        String mima = in.next();
        AttributeList attList = new AttributeList();
        attList.addAttribute(Attribute.NAS_Port, 1);
        attList.mergeAttributes(state);                    // line 25 of the original listing: carry State forward
        nResult = r.authenticate(username, mima, attList); // line 26: next round, with State attached
        System.out.println(r.getPacketType());
        System.out.println("r.getErrorString():" + r.getErrorString());
        System.out.println("Second nResult:" + nResult);
        if (nResult == 11) {
            // Second challenge: re-enter the new PIN.
            AttributeList rresponse = r.getAttributes();
            AttributeList sstate = rresponse.getAttributeList(Attribute.State);
            r.reset();
            System.out.println("re new pins");
            String renewpin = in.next(); // the PIN is not echoed back to the console
            AttributeList aattList = new AttributeList();
            aattList.addAttribute(Attribute.NAS_Port, 1);
            aattList.mergeAttributes(sstate);
            nResult = r.authenticate(username, renewpin, aattList);
            System.out.println(r.getPacketType());
            System.out.println("r.getErrorString():" + r.getErrorString());

            if (nResult == 11) {
                // Third challenge: a fresh passcode.
                AttributeList rrresponse = r.getAttributes();
                AttributeList ssstate = rrresponse.getAttributeList(Attribute.State);
                r.reset();
                System.out.println("passcode");
                String passcode = in.next();
                AttributeList reaattList = new AttributeList();
                reaattList.addAttribute(Attribute.NAS_Port, 1);
                reaattList.mergeAttributes(ssstate); // State must be carried into this round as well
                nResult = r.authenticate(username, passcode, reaattList);
                System.out.println(r.getPacketType());
                System.out.println("r.getErrorString():" + r.getErrorString());
                System.out.println("nResult:" + nResult);
                if (nResult == 2) {
                    return "AUTH SUCCESS";
                }
            }
        }
        if (nResult == 2) {
            return "AUTH SUCCESS";
        }
        // Without this break, a rejected challenge falls through to case 2
        // and is reported as AUTH SUCCESS.
        break;
    case 2: // access_accept
        return "AUTH SUCCESS";
    default:
        break;
}
return "AUTH FAILURE";
```
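The nested ifs above handle a fixed number of challenges. The same flow can be written as a bounded loop that echoes the latest State in every round and fails closed; this is an added example, not code from the original post and not the radiusclient3 API. Exchange, Reply and FakeServer are hypothetical stand-ins, the fake server's behaviour is constructed for illustration, and records require Java 16 or later.

```java
import java.util.*;
import java.util.function.Supplier;

public class ChallengeLoop {
    static final int ACCEPT = 2, REJECT = 3, CHALLENGE = 11; // result codes used on this page

    record Reply(int code, String state) {}

    // Hypothetical abstraction over one RADIUS round trip (not the radiusclient3 API).
    interface Exchange { Reply send(String user, String credential, String state); }

    // Constructed fake server: three challenges (new PIN, confirm PIN, next passcode), then accept.
    // It rejects any request that does not echo the State issued in its previous reply.
    static class FakeServer implements Exchange {
        private int round = 0;
        private String issued = null;
        public Reply send(String user, String credential, String state) {
            if (!Objects.equals(state, issued)) return new Reply(REJECT, null);
            if (++round > 3) return new Reply(ACCEPT, null);
            issued = "state-" + round;
            return new Reply(CHALLENGE, issued);
        }
    }

    // Answer each challenge, echo the latest State, and give up after maxRounds challenges.
    static boolean authenticate(Exchange x, String user, Supplier<String> prompt,
                                int maxRounds, boolean echoState) {
        String state = null;
        for (int i = 0; i <= maxRounds; i++) {
            Reply reply = x.send(user, prompt.get(), state);
            if (reply.code() == ACCEPT) return true;
            if (reply.code() != CHALLENGE) return false; // reject, bad packet, anything unexpected
            state = echoState ? reply.state() : null;    // dropping State breaks the next round
        }
        return false; // too many challenges: fail closed
    }

    public static void main(String[] args) {
        // Constructed answers: passcode, new PIN, PIN confirmation, next passcode.
        Iterator<String> answers = List.of("passcode", "1234", "1234", "next-passcode").iterator();
        System.out.println(authenticate(new FakeServer(), "alice", answers::next, 5, true));
        // Same server, but State is not echoed: the second request is rejected.
        Iterator<String> again = List.of("passcode", "1234").iterator();
        System.out.println(authenticate(new FakeServer(), "alice", again::next, 5, false));
    }
}
```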