Github user mike-jumper commented on a diff in the pull request:
https://github.com/apache/incubator-guacamole-client/pull/122#discussion_r101211766
--- Diff:
extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/AuthenticationProviderService.java
---
@@ -0,0 +1,223 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.guacamole.auth.radius;
+
+import com.google.inject.Inject;
+import com.google.inject.Provider;
+import java.util.Arrays;
+import javax.servlet.http.HttpServletRequest;
+import org.apache.guacamole.auth.radius.user.AuthenticatedUser;
+import org.apache.guacamole.auth.radius.form.RadiusChallengeResponseField;
+import org.apache.guacamole.auth.radius.form.RadiusStateField;
+import org.apache.guacamole.GuacamoleException;
+import org.apache.guacamole.form.Field;
+import org.apache.guacamole.net.auth.Credentials;
+import org.apache.guacamole.net.auth.credentials.CredentialsInfo;
+import
org.apache.guacamole.net.auth.credentials.GuacamoleInvalidCredentialsException;
+import
org.apache.guacamole.net.auth.credentials.GuacamoleInsufficientCredentialsException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import net.jradius.dictionary.Attr_State;
+import net.jradius.exception.UnknownAttributeException;
+import net.jradius.packet.RadiusPacket;
+import net.jradius.packet.AccessAccept;
+import net.jradius.packet.AccessChallenge;
+import net.jradius.packet.AccessReject;
+import net.jradius.packet.AccessRequest;
+import net.jradius.packet.AccessResponse;
+import net.jradius.packet.attribute.AttributeList;
+import net.jradius.packet.attribute.RadiusAttribute;
+
+/**
+ * Service providing convenience functions for the RADIUS
AuthenticationProvider
+ * implementation.
+ *
+ * @author Michael Jumper
+ */
+public class AuthenticationProviderService {
+
+ /**
+ * Logger for this class.
+ */
+ private final Logger logger =
LoggerFactory.getLogger(AuthenticationProviderService.class);
+
+ /**
+ * Service for creating and managing connections to RADIUS servers.
+ */
+ @Inject
+ private RadiusConnectionService radiusService;
+
+ /**
+ * Service for retrieving RADIUS server configuration information.
+ */
+ @Inject
+ private ConfigurationService confService;
+
+ /**
+ * Provider for AuthenticatedUser objects.
+ */
+ @Inject
+ private Provider<AuthenticatedUser> authenticatedUserProvider;
+
+ /**
+ * Returns an AuthenticatedUser representing the user authenticated by
the
+ * given credentials.
+ *
+ * @param credentials
+ * The credentials to use for authentication.
+ *
+ * @return
+ * An AuthenticatedUser representing the user authenticated by the
+ * given credentials.
+ *
+ * @throws GuacamoleException
+ * If an error occurs while authenticating the user, or if access
is
+ * denied.
+ */
+ public AuthenticatedUser authenticateUser(Credentials credentials)
+ throws GuacamoleException {
+
+ // Grab the HTTP Request from the credentials object
+ HttpServletRequest request = credentials.getRequest();
+
+ // Set up RadiusPacket object
+ RadiusPacket radPack;
+
+ // Ignore anonymous users
+ if (credentials.getUsername() == null ||
credentials.getUsername().isEmpty())
+ return null;
+
+ // Password is required
+ if (credentials.getPassword() == null ||
credentials.getPassword().isEmpty())
+ return null;
+
+ String challengeResponse =
request.getParameter(RadiusChallengeResponseField.PARAMETER_NAME);
+ String radiusState =
request.getParameter(RadiusStateField.PARAMETER_NAME);
+
+ // We do not have a challenge response, so we proceed normally
+ if (challengeResponse == null || challengeResponse.isEmpty()) {
+
+ // Initialize Radius Packet and try to authenticate
+ try {
+ radPack =
radiusService.authenticate(credentials.getUsername(),
+ credentials.getPassword());
+ }
+ catch (GuacamoleException e) {
+ logger.error("Cannot configure RADIUS server: {}",
e.getMessage());
+ logger.debug("Error configuring RADIUS server.", e);
+ radPack = null;
+ }
+
+ // If configure fails, permission to login is denied
+ if (radPack == null) {
+ logger.debug("Nothing in the RADIUS packet.");
+ throw new GuacamoleInvalidCredentialsException("Permission
denied.", CredentialsInfo.USERNAME_PASSWORD);
+ }
+
+ // If we get back an AccessReject packet, login is denied.
+ else if (radPack instanceof AccessReject) {
+ logger.debug("Login has been rejected by RADIUS server.");
+ throw new GuacamoleInvalidCredentialsException("Permission
denied.", CredentialsInfo.USERNAME_PASSWORD);
+ }
+
+ /**
+ * If we receive an AccessChallenge package, the server needs
more information -
--- End diff --
This is a JavaDoc-style block comment, and shouldn't be used except when
actually meant as JavaDoc (ie: for a function, property, class, etc.). In any
case, the defacto-style of Java and JavaScript in this codebase is to not use
block comments at all; you'll want to just use normal `//` for each line.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---
