基于rsa SecurID的二次验证。RSA server自身可以作为Radius服务器,RSA也可以和其他的软件集合,使用其他的server作为Radius服务器。
radius的验证的一般流程如下图:
用java实现的主要代码实现如下(需要导入radius相关jar包,主要为radiusclient3.jar):
①radius第一次验证, RADIUSClient的4个参数分别为server ip,port,Radius的密钥,radius输入超时时间. authenticate的username和password即为所需要验证的用户.
1 RADIUSClient r = null;
2 int nResult = 0; r = new RADIUSClient("ip", port , "secret" , radius_soctet_timeout);
3 r.setDebug(true);
4 AttributeList aList = new AttributeList();
5 aList.addAttribute(Attribute.NAS_Port, 1);
6 nResult = r.authenticate(username, password, aList);
②跟据返回的nResult进行判断.代码中的数字3代表access_reject, 数字0代表access_badpacket, 数字11代表access_challenge, 数字2代表access_accept.
当遇到access_challenge时,有两种情况,一只是需要new pin(new pin的情况相对复杂一点), 另一种是需要next token.另外,这个Attribute.State属性是一直要继承的,用来区分
是否是我们需要的那一次验证(如代码25, 26行,就把state带入下一次验证,用来验证识别).
1 switch (nResult) {
2 case 3:
3 try{
4 AttributeList response = r.getAttributes();
5 AttributeList state = response.getAttributeList(Attribute.State);
6 }
7 catch(Exception e){
8
9 }
10
11 break;
12 case 0:
13
14 break;
15 case 11:
16 AttributeList response = r.getAttributes();
17 AttributeList state = response.getAttributeList(Attribute.State);
18 r.reset();
19 System.out.println(":");
20 Scanner sa = new Scanner(System.in);
21 String sl = sa.next();
22 String mima = sl + "";
23 AttributeList attList = new AttributeList();
24 attList.addAttribute(Attribute.NAS_Port, 1);
25 attList.mergeAttributes(state);
26 nResult = r.authenticate(username, mima, attList);
27 System.out.println(r.getPacketType());
28 System.out.println("r.getErrorString():" + r.getErrorString());
29 System.out.println("Second nResult:" + nResult);
30 if(nResult == 11){
31 AttributeList rresponse = r.getAttributes();
32 AttributeList sstate = rresponse.getAttributeList(Attribute.State);
33 r.reset();
34 System.out.println("re new pins");
35 Scanner ssa = new Scanner(System.in);
36 String ssl = ssa.next();
37 String renewpin = ssl + "";
38 System.out.println(renewpin);
39 AttributeList aattList = new AttributeList();
40 aattList.addAttribute(Attribute.NAS_Port, 1);
41 aattList.mergeAttributes(sstate);
42 nResult = r.authenticate(username, renewpin, aattList);
43 System.out.println(r.getPacketType());
44 System.out.println("r.getErrorString():" + r.getErrorString());
4546 if (nResult == 11){
47 AttributeList rrresponse = r.getAttributes();
48 AttributeList ssstate = rrresponse.getAttributeList(Attribute.State);
49 r.reset();
50 System.out.println("posscode");
51 Scanner ressa = new Scanner(System.in);
52 String ressl = ressa.next();
53 String passcode = ressl + "";
54 AttributeList reaattList = new AttributeList();
55 reaattList.addAttribute(Attribute.NAS_Port, 1);
56 nResult = r.authenticate(username, passcode, reaattList);
57 System.out.println(r.getPacketType());
58 System.out.println("r.getErrorString():" + r.getErrorString());
59 System.out.println("nResult:" + nResult);
60 if (nResult == 2){
61 return "AUTH SUCCESS";
62 }
63 }
64 }
65 if (nResult == 2){
66 return "AUTH SUCCESS";
67 }
68 case 2:
69
70 return "AUTH SUCCESS";
71 default:
72
73 break;
74 }
75 return "AUTH FAILURE";
时间: 2024-11-03 03:38:51