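Two-factor authentication based on RSA SecurID. The RSA server can itself act as the RADIUS server, and RSA can also be integrated with other software so that a different server acts as the RADIUS server.
The general RADIUS authentication flow is shown in the figure below:
The main Java code is shown below (the RADIUS jar packages must be imported, mainly radiusclient3.jar):
① First RADIUS authentication. The four parameters of RADIUSClient are the server IP, the port, the RADIUS shared secret, and the RADIUS input timeout. The username and password passed to authenticate are those of the user to be verified.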
```java
RADIUSClient r = null;
int nResult = 0;
// Arguments: server IP, port, RADIUS shared secret, timeout
r = new RADIUSClient("ip", port, "secret", radius_soctet_timeout);
r.setDebug(true);
AttributeList aList = new AttributeList();
aList.addAttribute(Attribute.NAS_Port, 1);
nResult = r.authenticate(username, password, aList);
```
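② Branch on the returned nResult. In the code, 3 means access_reject, 0 means access_badpacket, 11 means access_challenge, and 2 means access_accept.
When access_challenge is returned there are two cases: one requires a new PIN (the new PIN case is somewhat more complex), the other requires the next token. In addition, the Attribute.State attribute must always be carried forward; it is used to identify whether a request belongs to the authentication exchange we expect (as in lines 25 and 26 of the code, the `attList.mergeAttributes(state)` call and the `authenticate` call after it, where state is carried into the next authentication request so that it can be recognized).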
```java
// Requires: import java.util.Scanner;
switch (nResult) {
    case 3: // access_reject
        try {
            AttributeList response = r.getAttributes();
            AttributeList state = response.getAttributeList(Attribute.State);
        } catch (Exception e) {
            // ignored in the original listing
        }
        break;
    case 0: // access_badpacket
        break;
    case 11: // access_challenge
        AttributeList response = r.getAttributes();
        AttributeList state = response.getAttributeList(Attribute.State);
        r.reset();
        System.out.println(":");
        // One Scanner is reused for every prompt
        Scanner sa = new Scanner(System.in);
        String mima = sa.next(); // first challenge answer
        AttributeList attList = new AttributeList();
        attList.addAttribute(Attribute.NAS_Port, 1);
        // Lines 25-26 of the original listing: carry State into the next request
        attList.mergeAttributes(state);
        nResult = r.authenticate(username, mima, attList);
        System.out.println(r.getPacketType());
        System.out.println("r.getErrorString():" + r.getErrorString());
        System.out.println("Second nResult:" + nResult);
        if (nResult == 11) {
            AttributeList rresponse = r.getAttributes();
            AttributeList sstate = rresponse.getAttributeList(Attribute.State);
            r.reset();
            System.out.println("re new pins");
            String renewpin = sa.next();
            System.out.println(renewpin); // debug output: echoes the PIN
            AttributeList aattList = new AttributeList();
            aattList.addAttribute(Attribute.NAS_Port, 1);
            aattList.mergeAttributes(sstate);
            nResult = r.authenticate(username, renewpin, aattList);
            System.out.println(r.getPacketType());
            System.out.println("r.getErrorString():" + r.getErrorString());

            if (nResult == 11) {
                AttributeList rrresponse = r.getAttributes();
                AttributeList ssstate = rrresponse.getAttributeList(Attribute.State);
                r.reset();
                System.out.println("posscode");
                String passcode = sa.next();
                AttributeList reaattList = new AttributeList();
                reaattList.addAttribute(Attribute.NAS_Port, 1);
                // State must be carried into every follow-up request
                reaattList.mergeAttributes(ssstate);
                nResult = r.authenticate(username, passcode, reaattList);
                System.out.println(r.getPacketType());
                System.out.println("r.getErrorString():" + r.getErrorString());
                System.out.println("nResult:" + nResult);
                if (nResult == 2) {
                    return "AUTH SUCCESS";
                }
            }
        }
        if (nResult == 2) {
            return "AUTH SUCCESS";
        }
        // Without this break a failed challenge falls through to case 2
        // and is reported as a success.
        break;
    case 2: // access_accept
        return "AUTH SUCCESS";
    default:
        break;
}
return "AUTH FAILURE";
```
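The same challenge handling written as a bounded loop, as an added example that is not part of the original post and does not use the radiusclient3 API: the `Radius` interface, the `Reply` record, `MAX_ROUNDS` and the fake server are hypothetical names and constructed test data (Java 16+ for records). It generalizes the nested `if` blocks to any number of challenge rounds, echoes the State of each challenge in the next request, and reports success only on an explicit access_accept.

```java
import java.util.Iterator;
import java.util.List;
import java.util.function.Function;

public class ChallengeLoop {
    // Packet codes as listed on the page: 2 accept, 3 reject, 11 challenge.
    static final int ACCEPT = 2, REJECT = 3, CHALLENGE = 11;
    static final int MAX_ROUNDS = 4; // assumption: upper bound on challenge rounds

    /** Hypothetical transport (one request, one reply); not the radiusclient3 API. */
    interface Radius { Reply send(String user, String credential, byte[] state); }
    record Reply(int code, byte[] state, String prompt) {}

    /** Returns true only on an explicit accept; every other outcome fails closed. */
    static boolean authenticate(Radius r, String user, String passcode,
                                Function<String, String> ask) {
        Reply reply = r.send(user, passcode, null);
        for (int round = 0; reply.code() == CHALLENGE && round < MAX_ROUNDS; round++) {
            if (reply.state() == null) return false;     // challenge without State cannot be correlated
            String answer = ask.apply(reply.prompt());   // new PIN, PIN confirmation or passcode
            reply = r.send(user, answer, reply.state()); // echo the State of this challenge
        }
        return reply.code() == ACCEPT;
    }

    /** Constructed stand-in for a server in new-PIN mode: PIN, PIN again, passcode. */
    static Radius fakeNewPinServer() {
        String[] expected = {"1234", "1234", "1234567890"};
        int[] step = {0};
        return (user, cred, state) -> {
            if (state == null) return new Reply(CHALLENGE, new byte[]{0}, "Enter new PIN");
            if (state[0] != step[0] || !expected[step[0]].equals(cred))
                return new Reply(REJECT, null, null);
            step[0]++;
            return step[0] == expected.length
                ? new Reply(ACCEPT, null, null)
                : new Reply(CHALLENGE, new byte[]{(byte) step[0]}, "Next step");
        };
    }

    public static void main(String[] args) {
        Iterator<String> good = List.of("1234", "1234", "1234567890").iterator();
        System.out.println(authenticate(fakeNewPinServer(), "alice", "0000", p -> good.next()));
        Iterator<String> bad = List.of("1234", "9999").iterator();
        System.out.println(authenticate(fakeNewPinServer(), "alice", "0000", p -> bad.next()));
    }
}
```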
Please credit the source when reposting: http://www.VEVb.com/huhanbo/p/4087827.html